Re: ca_root_nss compile failure
Am 01.10.2016 um 03:43 schrieb Carlos J. Puga Medina: > Hi Matthias, > >> Am 28.09.2016 um 10:36 schrieb Carlos J. Puga Medina: > Sorry, I >> wasn't clear enough in my first reply: I set ssl=3Dopenssl as >> default version in make.conf to pick openssl from ports instead >> from base because the openssl port was previously updated and >> fixed. Later I updated my system with all patches applied and >> reverted the previous change in /etc/make.conf. >> >> You still need to deinstall the ports openssl and then make sure >> to rebuild all ports that depend on it. > > Yes, I did :) > > I had this issue with poudriere. Everything works smoothly again. > > Regards, Carlos, good to see it works for you. For the records, to update the poudriere jail, that would be: poudriere jail -j 103amd64 -u where the "103amd64" needs to be replaced by whatever the jail's name is; "poudriere jail -l" will print a list. Regards, Matthias ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: ca_root_nss compile failure
Hi Matthias, > Am 28.09.2016 um 10:36 schrieb Carlos J. Puga Medina: > Sorry, I wasn't clear enough in my first reply: I set > ssl=3Dopenssl as > default version in make.conf to pick openssl from ports instead > from > base because the openssl port was previously updated and fixed. > Later I updated my system with all patches applied and reverted > the > previous change in /etc/make.conf. > > You still need to deinstall the ports openssl and then make sure to > rebuild all ports that depend on it. Yes, I did :) I had this issue with poudriere. Everything works smoothly again. Regards, -- Carlos Jacobo Puga MedinaPGP fingerprint = C60E 9497 5302 793B CC2D BB89 A1F3 5D66 E6D0 5453 signature.asc Description: This is a digitally signed message part
Re: ca_root_nss compile failure
Am 28.09.2016 um 10:36 schrieb Carlos J. Puga Medina: > Sorry, I wasn't clear enough in my first reply: I set ssl=openssl as > default version in make.conf to pick openssl from ports instead from > base because the openssl port was previously updated and fixed. > Later I updated my system with all patches applied and reverted the > previous change in /etc/make.conf. You still need to deinstall the ports openssl and then make sure to rebuild all ports that depend on it. ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: ca_root_nss compile failure
On 09/28/16 02:59, Matthias Andree wrote: > Am 28.09.2016 um 01:51 schrieb George Mitchell: >> Before I file a PR, does this failure look familiar to anyone? >> >> portmaster -BDg security/ca_root_nss > >> ===> Building for ca_root_nss-3.26 >> ## Untrusted certificates omitted from this bundle: 20 >> openssl x509 failed with exit code 139 at >> /usr/ports/security/ca_root_nss/work/MAca-bundle.pl line 78. >> *** Error code 255 > George, > > thanks for asking, this is the first report I am made aware of. "exit > code 139" is actually a signal, 128 + 11 = "core dump + SIGSEGV". > openssl should NOT raise a SIGSEGV in ANY case, and beyond marking > build-time conflicts perhaps, there's nothing that ca_root_nss could do > anything about. It's a Perl script that uses the OpenSSL executable, and > the latter crashed due to the SIGSEGV. > > First, please show the output of these two commands before doing further > upgrades: > > pkg info '*ssl' > > freebsd-version -u > > > That should answer these underlying questions: > > 1. Do you have openssl or libressl installed from ports? > > 2. Is your base system fully patched? Note that there have been two > OpenSSL upgrades in quick succession, and re-running "freebsd-update > fetch" and "freebsd-update install" is advised in case you've missed the > second one (alternatively, rebuild and reinstall OpenSSL from a > supported releng SVN branch) > > If you do not have openssl, libressl installed, and you have a supported > fully-updated base system, then (3) start looking for hardware trouble, > and only then we can usefully start looking into the crash, such as > installing debug symbols for openssl and looking into backtraces. > Thanks for your help. I've just done the freebsd-update operation, and since I have no port versions of openssl installed, I presume that will fix the problem. I appreciate your attention! -- George ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: ca_root_nss compile failure
Thanks for the pointer! -- George On 09/27/16 21:39, Carlos J. Puga Medina wrote: > I forgot to mention that this problem has been reported: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212921 > > El 28 de septiembre de 2016 3:20:04 CEST, George Mitchell >escribió: >> On 09/27/16 20:56, Carlos J. Puga Medina wrote: >>> Hi George, >>> >>> Yes, I had the same problem like you. So you only need to define your >>> default SSL version in /etc/make.conf >>> >>> See entry 20160616 in /usr/ports/UPDATING for further details. >>> >>> Regards, >>> >> Okay, /etc/make.conf now says: >> >> WITH_PKGNG=yes >> DISABLE_VULNERABILITIES=yes >> DEFAULT_VERSIONS+= linux=c6 ssl=base >> OVERRIDE_LINUX_NONBASE_PORTS=c6 >> >> Did I do that right? I still get the same failure. -- George > ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: ca_root_nss compile failure
On Wed, 2016-09-28 at 09:09 +0200, Mathieu Arnold wrote: > Le 28/09/2016 à 02:56, Carlos J. Puga Medina a écrit : > > > > Hi George, > > > > Yes, I had the same problem like you. So you only need to define > > your > > default SSL version in /etc/make.conf > > > > See entry 20160616 in /usr/ports/UPDATING for further details. > I don't know what you are replying to, but this has nothing to do > with > how you say you want to use ssl from base. > Sorry, I wasn't clear enough in my first reply: I set ssl=openssl as default version in make.conf to pick openssl from ports instead from base because the openssl port was previously updated and fixed. Later I updated my system with all patches applied and reverted the previous change in /etc/make.conf. > The problem was fixed in the revised FreeBSD-SA-16:26.openssl > security > advisory: > > https://lists.freebsd.org/pipermail/freebsd-announce/2016-September/0 > 01751.html > Kind regards, -- Carlos Jacobo Puga MedinaPGP fingerprint = C60E 9497 5302 793B CC2D BB89 A1F3 5D66 E6D0 5453 signature.asc Description: This is a digitally signed message part
Re: ca_root_nss compile failure
Le 28/09/2016 à 02:56, Carlos J. Puga Medina a écrit : > Hi George, > > Yes, I had the same problem like you. So you only need to define your > default SSL version in /etc/make.conf > > See entry 20160616 in /usr/ports/UPDATING for further details. I don't know what you are replying to, but this has nothing to do with how you say you want to use ssl from base. The problem was fixed in the revised FreeBSD-SA-16:26.openssl security advisory: https://lists.freebsd.org/pipermail/freebsd-announce/2016-September/001751.html -- Mathieu Arnold signature.asc Description: OpenPGP digital signature
Re: ca_root_nss compile failure
Am 28.09.2016 um 01:51 schrieb George Mitchell: > Before I file a PR, does this failure look familiar to anyone? > > portmaster -BDg security/ca_root_nss > ===> Building for ca_root_nss-3.26 > ## Untrusted certificates omitted from this bundle: 20 > openssl x509 failed with exit code 139 at > /usr/ports/security/ca_root_nss/work/MAca-bundle.pl line 78. > *** Error code 255 George, thanks for asking, this is the first report I am made aware of. "exit code 139" is actually a signal, 128 + 11 = "core dump + SIGSEGV". openssl should NOT raise a SIGSEGV in ANY case, and beyond marking build-time conflicts perhaps, there's nothing that ca_root_nss could do anything about. It's a Perl script that uses the OpenSSL executable, and the latter crashed due to the SIGSEGV. First, please show the output of these two commands before doing further upgrades: pkg info '*ssl' freebsd-version -u That should answer these underlying questions: 1. Do you have openssl or libressl installed from ports? 2. Is your base system fully patched? Note that there have been two OpenSSL upgrades in quick succession, and re-running "freebsd-update fetch" and "freebsd-update install" is advised in case you've missed the second one (alternatively, rebuild and reinstall OpenSSL from a supported releng SVN branch) If you do not have openssl, libressl installed, and you have a supported fully-updated base system, then (3) start looking for hardware trouble, and only then we can usefully start looking into the crash, such as installing debug symbols for openssl and looking into backtraces. ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: ca_root_nss compile failure
I forgot to mention that this problem has been reported: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212921 El 28 de septiembre de 2016 3:20:04 CEST, George Mitchellescribió: >On 09/27/16 20:56, Carlos J. Puga Medina wrote: >> Hi George, >> >> Yes, I had the same problem like you. So you only need to define your >> default SSL version in /etc/make.conf >> >> See entry 20160616 in /usr/ports/UPDATING for further details. >> >> Regards, >> >Okay, /etc/make.conf now says: > >WITH_PKGNG=yes >DISABLE_VULNERABILITIES=yes >DEFAULT_VERSIONS+= linux=c6 ssl=base >OVERRIDE_LINUX_NONBASE_PORTS=c6 > >Did I do that right? I still get the same failure. -- George -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: ca_root_nss compile failure
On 09/27/16 20:56, Carlos J. Puga Medina wrote: > Hi George, > > Yes, I had the same problem like you. So you only need to define your > default SSL version in /etc/make.conf > > See entry 20160616 in /usr/ports/UPDATING for further details. > > Regards, > Okay, /etc/make.conf now says: WITH_PKGNG=yes DISABLE_VULNERABILITIES=yes DEFAULT_VERSIONS+= linux=c6 ssl=base OVERRIDE_LINUX_NONBASE_PORTS=c6 Did I do that right? I still get the same failure. -- George ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: ca_root_nss compile failure
Hi George, Yes, I had the same problem like you. So you only need to define your default SSL version in /etc/make.conf See entry 20160616 in /usr/ports/UPDATING for further details. Regards, -- Carlos Jacobo Puga MedinaPGP fingerprint = C60E 9497 5302 793B CC2D BB89 A1F3 5D66 E6D0 5453 signature.asc Description: This is a digitally signed message part
ca_root_nss compile failure
Before I file a PR, does this failure look familiar to anyone? portmaster -BDg security/ca_root_nss ===>>> Port directory: /usr/ports/security/ca_root_nss ===>>> Launching 'make checksum' for security/ca_root_nss in background ===>>> Gathering dependency list for security/ca_root_nss from ports ===>>> Initial dependency check complete for security/ca_root_nss ===>>> Starting build for security/ca_root_nss <<<=== ===>>> All dependencies are up to date ===> Cleaning for ca_root_nss-3.26 ===> License MPL accepted by the user ===> Found saved configuration for ca_root_nss-3.22.2 ===> ca_root_nss-3.26 depends on file: /usr/local/sbin/pkg - found ===> Fetching all distfiles required by ca_root_nss-3.26 for building ===> Extracting for ca_root_nss-3.26 => SHA256 Checksum OK for nss-3.26.tar.gz. ===> Patching for ca_root_nss-3.26 ===> ca_root_nss-3.26 depends on package: perl5>=5.20<5.21 - found ===> Configuring for ca_root_nss-3.26 ===> Building for ca_root_nss-3.26 ## Untrusted certificates omitted from this bundle: 20 openssl x509 failed with exit code 139 at /usr/ports/security/ca_root_nss/work/MAca-bundle.pl line 78. *** Error code 255 Stop. make[1]: stopped in /usr/ports/security/ca_root_nss *** Error code 1 Stop. make: stopped in /usr/ports/security/ca_root_nss ===>>> make build failed for security/ca_root_nss ===>>> Aborting update ===>>> You can restart from the point of failure with this command line: portmaster security/ca_root_nss svnlite info Path: . Working Copy Root Path: /usr/ports URL: svn://svnmirror/ports/head Relative URL: ^/head Repository Root: svn://svnmirror/ports Repository UUID: 35697150-7ecd-e111-bb59-0022644237b5 Revision: 422822 Node Kind: directory Schedule: normal Last Changed Author: araujo Last Changed Rev: 422822 Last Changed Date: 2016-09-27 13:50:45 -0400 (Tue, 27 Sep 2016) /etc/make.conf: WITH_PKGNG=yes DISABLE_VULNERABILITIES=yes DEFAULT_VERSIONS+=linux=c6 OVERRIDE_LINUX_NONBASE_PORTS=c6 Thanks for your attention.-- George ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"