Re: ca_root_nss compile failure

[Matthias Andree]

Am 01.10.2016 um 03:43 schrieb Carlos J. Puga Medina:
> Hi Matthias, > >> Am 28.09.2016 um 10:36 schrieb Carlos J. Puga Medina:  
> Sorry,
I >> wasn't clear enough in my first reply: I set ssl=3Dopenssl as 
>> default version in make.conf to pick openssl from ports instead >>
from  base because the openssl port was previously updated and >>
fixed.  Later I updated my system with all patches applied and >>
reverted the  previous change in /etc/make.conf. >> >> You still
need to deinstall the ports openssl and then make sure >> to rebuild all
ports that depend on it. > > Yes, I did :) > > I had this issue with
poudriere. Everything works smoothly again. > > Regards,

Carlos,

good to see it works for you.

For the records, to update the poudriere jail, that would be:

  poudriere jail -j 103amd64 -u

where the "103amd64" needs to be replaced by whatever the jail's name
is; "poudriere jail -l" will print a list.

Regards,
Matthias

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: ca_root_nss compile failure

[Carlos J. Puga Medina]

Hi Matthias,

> Am 28.09.2016 um 10:36 schrieb Carlos J. Puga Medina:
>  Sorry, I wasn't clear enough in my first reply: I set
> ssl=3Dopenssl as
>  default version in make.conf to pick openssl from ports instead
> from
>  base because the openssl port was previously updated and fixed.
>  Later I updated my system with all patches applied and reverted
> the
>  previous change in /etc/make.conf.
> 
> You still need to deinstall the ports openssl and then make sure to
> rebuild all ports that depend on it.

Yes, I did :)

I had this issue with poudriere. Everything works smoothly again.

Regards,
-- 
Carlos Jacobo Puga Medina 
PGP fingerprint = C60E 9497 5302 793B CC2D  BB89 A1F3 5D66 E6D0 5453


signature.asc
Description: This is a digitally signed message part

Re: ca_root_nss compile failure

[Matthias Andree]

Am 28.09.2016 um 10:36 schrieb Carlos J. Puga Medina:
> Sorry, I wasn't clear enough in my first reply: I set ssl=openssl as
> default version in make.conf to pick openssl from ports instead from
> base because the openssl port was previously updated and fixed.
> Later I updated my system with all patches applied and reverted the
> previous change in /etc/make.conf.

You still need to deinstall the ports openssl and then make sure to
rebuild all ports that depend on it.

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: ca_root_nss compile failure

[George Mitchell]

On 09/28/16 02:59, Matthias Andree wrote:
> Am 28.09.2016 um 01:51 schrieb George Mitchell:
>> Before I file a PR, does this failure look familiar to anyone?
>>
>>  portmaster -BDg security/ca_root_nss
> 
>> ===>  Building for ca_root_nss-3.26
>> ##  Untrusted certificates omitted from this bundle: 20
>> openssl x509 failed with exit code 139 at
>> /usr/ports/security/ca_root_nss/work/MAca-bundle.pl line 78.
>> *** Error code 255
> George,
> 
> thanks for asking, this is the first report I am made aware of. "exit
> code 139" is actually a signal, 128 + 11 = "core dump + SIGSEGV".
> openssl should NOT raise a SIGSEGV in ANY case, and beyond marking
> build-time conflicts perhaps, there's nothing that ca_root_nss could do
> anything about. It's a Perl script that uses the OpenSSL executable, and
> the latter crashed due to the SIGSEGV.
> 
> First, please show the output of these two commands before doing further
> upgrades:
> 
> pkg info '*ssl'
> 
> freebsd-version -u
> 
> 
> That should answer these underlying questions:
> 
> 1. Do you have openssl or libressl installed from ports?
> 
> 2. Is your base system fully patched? Note that there have been two
> OpenSSL upgrades in quick succession, and re-running "freebsd-update
> fetch" and "freebsd-update install" is advised in case you've missed the
> second one (alternatively, rebuild and reinstall OpenSSL from a
> supported releng SVN branch)
> 
> If you do not have openssl, libressl installed, and you have a supported
> fully-updated base system, then (3) start looking for hardware trouble,
> and only then we can usefully start looking into the crash, such as
> installing debug symbols for openssl and looking into backtraces.
> 
Thanks for your help.  I've just done the freebsd-update operation,
and since I have no port versions of openssl installed, I presume
that will fix the problem.  I appreciate your attention!   -- George
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: ca_root_nss compile failure

[George Mitchell]

Thanks for the pointer!  -- George

On 09/27/16 21:39, Carlos J. Puga Medina wrote:
> I forgot to mention that this problem has been reported:
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212921
> 
> El 28 de septiembre de 2016 3:20:04 CEST, George Mitchell 
>  escribió:
>> On 09/27/16 20:56, Carlos J. Puga Medina wrote:
>>> Hi George,
>>>
>>> Yes, I had the same problem like you. So you only need to define your
>>> default SSL version in /etc/make.conf
>>>
>>> See entry 20160616 in /usr/ports/UPDATING for further details.
>>>
>>> Regards,
>>>
>> Okay, /etc/make.conf now says:
>>
>> WITH_PKGNG=yes
>> DISABLE_VULNERABILITIES=yes
>> DEFAULT_VERSIONS+= linux=c6 ssl=base
>> OVERRIDE_LINUX_NONBASE_PORTS=c6
>>
>> Did I do that right?  I still get the same failure.  -- George
> 

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: ca_root_nss compile failure

[Carlos J. Puga Medina]

On Wed, 2016-09-28 at 09:09 +0200, Mathieu Arnold wrote:
> Le 28/09/2016 à 02:56, Carlos J. Puga Medina a écrit :
> > 
> > Hi George,
> > 
> > Yes, I had the same problem like you. So you only need to define
> > your
> > default SSL version in /etc/make.conf
> > 
> > See entry 20160616 in /usr/ports/UPDATING for further details.
> I don't know what you are replying to, but this has nothing to do
> with
> how you say you want to use ssl from base.
> 

Sorry, I wasn't clear enough in my first reply: I set ssl=openssl as
default version in make.conf to pick openssl from ports instead from
base because the openssl port was previously updated and fixed.
Later I updated my system with all patches applied and reverted the
previous change in /etc/make.conf.

> The problem was fixed in the revised FreeBSD-SA-16:26.openssl
> security
> advisory:
> 
> https://lists.freebsd.org/pipermail/freebsd-announce/2016-September/0
> 01751.html
> 

Kind regards,
-- 
Carlos Jacobo Puga Medina 
PGP fingerprint = C60E 9497 5302 793B CC2D  BB89 A1F3 5D66 E6D0 5453


signature.asc
Description: This is a digitally signed message part

Re: ca_root_nss compile failure

[Mathieu Arnold]

Le 28/09/2016 à 02:56, Carlos J. Puga Medina a écrit :
> Hi George,
>
> Yes, I had the same problem like you. So you only need to define your
> default SSL version in /etc/make.conf
>
> See entry 20160616 in /usr/ports/UPDATING for further details.

I don't know what you are replying to, but this has nothing to do with
how you say you want to use ssl from base.

The problem was fixed in the revised FreeBSD-SA-16:26.openssl security
advisory:

https://lists.freebsd.org/pipermail/freebsd-announce/2016-September/001751.html

-- 
Mathieu Arnold




signature.asc
Description: OpenPGP digital signature

Re: ca_root_nss compile failure

[Matthias Andree]

Am 28.09.2016 um 01:51 schrieb George Mitchell:
> Before I file a PR, does this failure look familiar to anyone?
>
>  portmaster -BDg security/ca_root_nss

> ===>  Building for ca_root_nss-3.26
> ##  Untrusted certificates omitted from this bundle: 20
> openssl x509 failed with exit code 139 at
> /usr/ports/security/ca_root_nss/work/MAca-bundle.pl line 78.
> *** Error code 255
George,

thanks for asking, this is the first report I am made aware of. "exit
code 139" is actually a signal, 128 + 11 = "core dump + SIGSEGV".
openssl should NOT raise a SIGSEGV in ANY case, and beyond marking
build-time conflicts perhaps, there's nothing that ca_root_nss could do
anything about. It's a Perl script that uses the OpenSSL executable, and
the latter crashed due to the SIGSEGV.

First, please show the output of these two commands before doing further
upgrades:

pkg info '*ssl'

freebsd-version -u


That should answer these underlying questions:

1. Do you have openssl or libressl installed from ports?

2. Is your base system fully patched? Note that there have been two
OpenSSL upgrades in quick succession, and re-running "freebsd-update
fetch" and "freebsd-update install" is advised in case you've missed the
second one (alternatively, rebuild and reinstall OpenSSL from a
supported releng SVN branch)

If you do not have openssl, libressl installed, and you have a supported
fully-updated base system, then (3) start looking for hardware trouble,
and only then we can usefully start looking into the crash, such as
installing debug symbols for openssl and looking into backtraces.

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: ca_root_nss compile failure

[Carlos J. Puga Medina]

I forgot to mention that this problem has been reported:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212921

El 28 de septiembre de 2016 3:20:04 CEST, George Mitchell 
 escribió:
>On 09/27/16 20:56, Carlos J. Puga Medina wrote:
>> Hi George,
>> 
>> Yes, I had the same problem like you. So you only need to define your
>> default SSL version in /etc/make.conf
>> 
>> See entry 20160616 in /usr/ports/UPDATING for further details.
>> 
>> Regards,
>> 
>Okay, /etc/make.conf now says:
>
>WITH_PKGNG=yes
>DISABLE_VULNERABILITIES=yes
>DEFAULT_VERSIONS+= linux=c6 ssl=base
>OVERRIDE_LINUX_NONBASE_PORTS=c6
>
>Did I do that right?  I still get the same failure.  -- George

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: ca_root_nss compile failure

[George Mitchell]

On 09/27/16 20:56, Carlos J. Puga Medina wrote:
> Hi George,
> 
> Yes, I had the same problem like you. So you only need to define your
> default SSL version in /etc/make.conf
> 
> See entry 20160616 in /usr/ports/UPDATING for further details.
> 
> Regards,
> 
Okay, /etc/make.conf now says:

WITH_PKGNG=yes
DISABLE_VULNERABILITIES=yes
DEFAULT_VERSIONS+= linux=c6 ssl=base
OVERRIDE_LINUX_NONBASE_PORTS=c6

Did I do that right?  I still get the same failure.  -- George
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: ca_root_nss compile failure

[Carlos J. Puga Medina]

Hi George,

Yes, I had the same problem like you. So you only need to define your
default SSL version in /etc/make.conf

See entry 20160616 in /usr/ports/UPDATING for further details.

Regards,
-- 
Carlos Jacobo Puga Medina 
PGP fingerprint = C60E 9497 5302 793B CC2D  BB89 A1F3 5D66 E6D0 5453


signature.asc
Description: This is a digitally signed message part

ca_root_nss compile failure

[George Mitchell]

Before I file a PR, does this failure look familiar to anyone?

 portmaster -BDg security/ca_root_nss

===>>> Port directory: /usr/ports/security/ca_root_nss

===>>> Launching 'make checksum' for security/ca_root_nss in background
===>>> Gathering dependency list for security/ca_root_nss from ports
===>>> Initial dependency check complete for security/ca_root_nss


===>>> Starting build for security/ca_root_nss <<<===

===>>> All dependencies are up to date


===>  Cleaning for ca_root_nss-3.26
===>  License MPL accepted by the user
===>  Found saved configuration for ca_root_nss-3.22.2
===>   ca_root_nss-3.26 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by ca_root_nss-3.26 for building
===>  Extracting for ca_root_nss-3.26
=> SHA256 Checksum OK for nss-3.26.tar.gz.
===>  Patching for ca_root_nss-3.26
===>   ca_root_nss-3.26 depends on package: perl5>=5.20<5.21 - found
===>  Configuring for ca_root_nss-3.26
===>  Building for ca_root_nss-3.26
##  Untrusted certificates omitted from this bundle: 20
openssl x509 failed with exit code 139 at
/usr/ports/security/ca_root_nss/work/MAca-bundle.pl line 78.
*** Error code 255

Stop.
make[1]: stopped in /usr/ports/security/ca_root_nss
*** Error code 1

Stop.
make: stopped in /usr/ports/security/ca_root_nss

===>>> make build failed for security/ca_root_nss
===>>> Aborting update


===>>> You can restart from the point of failure with this command line:
   portmaster  security/ca_root_nss


svnlite info
Path: .
Working Copy Root Path: /usr/ports
URL: svn://svnmirror/ports/head
Relative URL: ^/head
Repository Root: svn://svnmirror/ports
Repository UUID: 35697150-7ecd-e111-bb59-0022644237b5
Revision: 422822
Node Kind: directory
Schedule: normal
Last Changed Author: araujo
Last Changed Rev: 422822
Last Changed Date: 2016-09-27 13:50:45 -0400 (Tue, 27 Sep 2016)

/etc/make.conf:
WITH_PKGNG=yes
DISABLE_VULNERABILITIES=yes
DEFAULT_VERSIONS+=linux=c6
OVERRIDE_LINUX_NONBASE_PORTS=c6

Thanks for your attention.-- George
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"