FreeBSD ports you maintain which are out of date

2015-06-01 Thread portscout
Dear port maintainer,

The portscout new distfile checker has detected that one or more of your
ports appears to be out of date. Please take the opportunity to check
each of the ports listed below, and if possible and appropriate,
submit/commit an update. If any ports have already been updated, you can
safely ignore the entry.

You will not be e-mailed again for any of the port/version combinations
below.

Full details can be found at the following URL:
http://portscout.freebsd.org/po...@freebsd.org.html


Port             | Current version | New version
-----------------+-----------------+------------
devel/pear-FSM   | 1.3.1           | 1.4.0
multimedia/libav | 11.3            | 11.4


If any of the above results are invalid, please check the following page
for details on how to improve portscout's detection and selection of
distfiles on a per-port basis:

http://portscout.freebsd.org/info/portscout-portconfig.txt

Thanks.
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"


SOLVED: pkg version mismatch [succeeds port...]

2015-06-01 Thread Jeffrey Bouquet via freebsd-ports
I noticed the ports tree here had net/uget 1.10.4_1 even after "svn up"... while
pkg upgrading installed 2.0.  "pkg version" (one of 3 ways) reported 
"succeeds port"... was about to post a question about pkg, but it can be fixed
by 

cd /usr/ports/net/uget
svn revert . -R 

[found at stackoverflow]

[I've about thirty or so of those directories to fix up, for installed ports...
it seems].

Wondering if the fix can be put in CAVEATS or something in the pkg version
man page... "for those using subversion..." 

also if ever a man page with many examples is crafted for subversion on FreeBSD,
that could be one of them.

Others:

cd /usr/ports
svn resolve .




need a particular version of django

2015-06-01 Thread Dan Langille
I'm writing about this problem: 
http://beefy2.nyi.freebsd.org/data/93amd64-default/388198/logs/py27-crits-3.1.0.log

Background:

security/py-crits needs www/py-django16 and www/py-django-tastypie

However,  www/py-django-tastypie wants to install www/py-django (which is v 1.8).

This is the line from www/py-django-tastypie in question:

RUN_DEPENDS:=   ${BUILD_DEPENDS} \
                ${PYTHON_PKGNAMEPREFIX}django>=1.5:${PORTSDIR}/www/py-django

Is there a nice way to say www/py-django16 is also OK?

—
Dan Langille
http://langille.org/









Re: comms/seyon distfile recovered

2015-06-01 Thread Michael Elbel
Sorry for butting in so late, I was on vacation :-|

On 08.05.15 at 04:11, Jan Beich wrote:
> "Julian H. Stacey"  writes:
> 
>> lini...@freebsd.org wrote:
>> Subject: Re: FreeBSD unmaintained ports which are currently marked broken
>> I added cc: m...@freebsd.org FYI as creator of Makefile
>>
>>> As part of an ongoing effort to reduce the number of problems in
>>
>>> portname:   comms/seyon
>>> broken because: Unfetchable
>>> build errors:   none.
>>> overview:
>>> http://portsmon.FreeBSD.org/portoverview.py?category=comms&portname=seyon
>>
>> ftp sipb.mit.edu
>> ftp: Can't connect to `18.181.0.29:21': Connection refused
>> ftp: Can't connect to `sipb.mit.edu:ftp'
>>
>> I have the necessary distfile: 
>> -rw-r--r--  1 jhs  staff  224819 Apr 27  1993 9.3-RELEASE/Seyon-2.14b-tar.Z
>> MD5 (9.3-RELEASE/Seyon-2.14b-tar.Z) = bc4903422dcedd245cffedd49e923a79
>>
>> I put a temporary copy here:
>>  http://berklix.com/~jhs/ftp/FreeBSD/ports/distfiles/Seyon-2.14b-tar.Z
> 
> Maybe you can test 2.20c instead? I've also unbroken epdfview.

>
>> Please copy to
>>  ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/
>
> Do you mean local-distfiles? That's a privilege of *maintained* ports. ;)
> Otherwise, distcache.freebsd.org shouldn't be a primary mirror.
>


I'm not sure if it is a good idea to keep Seyon as a port around at all.
IMO, it has outlived its use for a decade now and also has not been
under active development for more than 15 years. No idea what security
issues lie lurking in there.

Even though I provided the original port, I personally haven't used it
for the last fifteen years either and cannot even remember what I was
using it for back then :-|

Cheers

Michael

--
Michael Elbel - m...@freebsd.org
Fermentation Fault - Coors Dumped


Re: need a particular version of django

2015-06-01 Thread Mathieu Arnold


+--On 1 June 2015 08:35:04 -0400 Dan Langille wrote:
| I'm writing about this problem:
| http://beefy2.nyi.freebsd.org/data/93amd64-default/388198/logs/py27-crits-3.1.0.log
| 
| Background:
| 
| security/py-crits needs www/py-django16 and www/py-django-tastypie
| 
| However,  www/py-django-tastypie wants to install www/py-django (which is
| v 1.8).
| 
| This is the line from www/py-django-tastypie in question:
| 
| RUN_DEPENDS:=   ${BUILD_DEPENDS} \
|                 ${PYTHON_PKGNAMEPREFIX}django>=1.5:${PORTSDIR}/www/py-django

You can't use := here because PYTHON_PKGNAMEPREFIX is unset at that time.

| Is there a nice way to say www/py-django16 is also OK?

No.

-- 
Mathieu Arnold



Re: SOLVED: pkg version mismatch [succeeds port...]

2015-06-01 Thread Ben Woods
On Monday, June 1, 2015, Jeffrey Bouquet via freebsd-ports <
freebsd-ports@freebsd.org> wrote:

> I noticed the ports tree here had net/uget 1.10.4_1 even after "svn up"...
> while
> pkg upgrading installed 2.0.  "pkg version" (one of 3 ways) reported
> "succeeds port"... was about to post a question about pkg, but it can be
> fixed
> by
>
> cd /usr/ports/net/uget
> svn revert . -R
>

That command will revert any local changes you have made to the port files
(if you edited them manually, it reverts them to the official version from
FreeBSD ports).

I guess it is not documented within pkg(8) as it has nothing to do with
pkg. It's purely related to how subversion deals with local modifications
to repository files.

For more documentation on the subversion command, you can check:
$ svn help revert

Regards,
Ben


-- 

--
From: Benjamin Woods
woods...@gmail.com


Re: pkg upgrade hang on 10.1p8/amd64 with graphviz.

2015-06-01 Thread Tobias Kortkamp
On 03/23/2015 13:03, Kurt Jaeger wrote:
> Hi!
> 
>> I have a strange situation:
>>
>> Proceed with this action? [y/N]: y
>> [1/5] Installing graphviz-2.38.0_6...
>> [1/5] Extracting graphviz-2.38.0_6: 100%
>> load: 0.10  cmd: dot 46012 [urdlck] 1.56r 0.00u 0.00s 12% 11188k
>>
>> and there it hangs. Any ideas on how to fix this ?
> 
> I found a workaround:
> 
> cd /usr/local/lib/graphviz/
> # fstat config6
> USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W NAME
> root     dot        46182    3 /        298326 -rw-r--r--       0  w  config6
> # kill -1 46182
> 
> There's something strange with graphviz.

I had the same problem.  Running dot -c would hang forever on my desktop
with x11/nvidia-driver installed, but would work fine on other systems.
 Enabling the NVTHREADS option in graphics/graphviz seems to have solved
this problem for me.

As there seem to be no side effects with enabling the option on
non-NVIDIA systems, I just added this to Poudriere's make.conf:

  graphviz_SET+=NVTHREADS


Re: need a particular version of django

2015-06-01 Thread Dan Langille

> On Jun 1, 2015, at 9:27 AM, Mathieu Arnold  wrote:
> 
> 
> 
> +--On 1 June 2015 08:35:04 -0400 Dan Langille wrote:
> | I'm writing about this problem:
> | http://beefy2.nyi.freebsd.org/data/93amd64-default/388198/logs/py27-crits-3.1.0.log
> |
> | Background:
> |
> | security/py-crits needs www/py-django16 and www/py-django-tastypie
> |
> | However,  www/py-django-tastypie wants to install www/py-django (which is
> | v 1.8).
> |
> | This is the line from www/py-django-tastypie in question:
> |
> | RUN_DEPENDS:=   ${BUILD_DEPENDS} \
> |                 ${PYTHON_PKGNAMEPREFIX}django>=1.5:${PORTSDIR}/www/py-django
> 
> You can't use := here because PYTHON_PKGNAMEPREFIX is unset at that time.
> 
> | Is there a nice way to say www/py-django16 is also OK?
> 
> No.

It seems practical to create a new port, based on www/py-django-tastypie, which 
requires www/py-django16
instead of www/py-django.

Said port could be a slave of www/py-django-tastypie

Agreed?

—
Dan Langille
http://langille.org/









Re: SOLVED: pkg version mismatch [succeeds port...]

2015-06-01 Thread Lowell Gilbert
[pkg@ snipped, because it's irrelevant]

Jeffrey Bouquet via freebsd-ports  writes:

> I noticed the ports tree here had net/uget 1.10.4_1 even after "svn up"... 
> while
> pkg upgrading installed 2.0.  "pkg version" (one of 3 ways) reported 
> "succeeds port"... was about to post a question about pkg, but it can be fixed
> by 
>
> cd /usr/ports/net/uget
> svn revert . -R 
>
> [found at stackoverflow]
>
> [I've about thirty or so of those directories to fix up, for installed
> ports... it seems].
>
> Wondering if the fix can be put in CAVEATS or something in the pkg version
> man page... "for those using subversion..." 
>
> also if ever a man page with many examples is crafted for subversion on 
> FreeBSD,
> that could be one of them.
>
> Others:
>
> cd /usr/ports
> svn resolve .

These would not be useful to document unless you can document how you
got into those situations in the first place. "svn revert" is only
necessary if you made local changes to the sources under svn control,
and even then usually if svn can't automatically merge upstream changes
into yours. "svn resolve" is the way to sort out the merge if svn can't
do it.

It sounds like you're not intending to make local changes at all. In
that case, I'd recommend you use something else (probably portsnap) to
maintain your ports tree.


distfile recovered for devel/gettext-msghack

2015-06-01 Thread Julian H. Stacey
Hi po...@freebsd.org as MAINTAINER= of devel/gettext-msghack
with BROKEN= No public distfiles

I recovered distfile for devel/gettext-msghack
& temporarily put it here
http://berklix.com/~jhs/ftp/distfiles/msghack-0.2.tar.bz2

Please mark port as no longer broken & copy distfile wherever you want.

textproc/translate-tool depends on devel/gettext-msghack

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
Indent previous with "> ".  Reply Below as a play script.
Send plain text, Not quoted-printable, HTML, or base64.


Re: Fwd: Re: svn commit: r386904 - in head/www/apache22: . files

2015-06-01 Thread Bryan Drewery
On 5/31/2015 8:29 AM, Adam McDougall wrote:
> Is anyone else getting this issue?  I had to revert the change on my systems.
> Thanks.
> 

Yes it looks incomplete. Nothing is providing get_dh2048.

> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:static DH *get_dh512(void)
> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:static DH *get_dh1024(void)
> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:dh = get_dh2048();
> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:dh = get_dh3072();
> work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:dh = get_dh3072();

The module is only providing 512 and 1024 but not 2048 and 3072 symbols.


-- 
Regards,
Bryan Drewery





Port Fetch Failing

2015-06-01 Thread Tim Daneliuk
Recently, I switched a web server here to rewriting and force every access
to go over https.   This is a machine using self-signed certs and a fairly
conservative set of protocol support.  Apache's cipher suite is set to this:

SSLCipherSuite  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL:-SSLv3:-SSLv2

These settings were derived from doing some reading and testing with SSL Labs
test site and - thus far - I have seen no complaints except from the FreeBSD
ports fetch.  I am getting grumpy emails from the master ports sites:

=> tsshbatch-1.212.tar.gz doesn't seem to exist in /portdistfiles/.
=> Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz
fetch: http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz: Not Found
=> Attempting to fetch http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz
72047:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:593:
fetch: http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz: Authentication error
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ and try again.
*** [do-fetch] Error code 1

Stop in /usr/ports/security/tsshbatch.


Interestingly, (and strangely) no other port is reporting this problem, only
this one.  

Ideas, thoughts???
-- 

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/



Re: Port Fetch Failing

2015-06-01 Thread Xin Li
On 06/01/15 16:33, Tim Daneliuk wrote:
> Recently, I switched a web server here to rewriting and force
> every access to go over https.   This is a machine using
> self-signed certs and a fairly conservative set of protocol
> support.  Apache's cipher suite is set to this:
> 
> SSLCipherSuite  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL:-SSLv3:-SSLv2
>
> These settings were derived from doing some reading and testing
> with SSL Labs test site and - thus far - I have seen no complaints
> except from the FreeBSD ports fetch.  I am getting grumpy emails
> from the master ports sites:
> 
> => tsshbatch-1.212.tar.gz doesn't seem to exist in /portdistfiles/.
> => Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz
> fetch: http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz: Not Found
> => Attempting to fetch http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz
> 72047:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:593:
> fetch: http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz: Authentication error
> => Couldn't fetch it - please try to retrieve this
> => port manually into /portdistfiles/ and try again.
> *** [do-fetch] Error code 1
> 
> Stop in /usr/ports/security/tsshbatch.
> 
> 
> Interestingly, (and strangely) no other port is reporting this
> problem, only this one.

You seem to be using FreeBSD 9.x which does not support TLSv1.1 and
TLSv1.2.  They support up to TLSv1 only and there is no plan to add
TLSv1.1+ support for FreeBSD 9.x base system as we can't upgrade
OpenSSL there due to ABI change.

Disabling SSLv3 ciphers means there would be no cipher available for
TLSv1 negotiation:

% openssl ciphers 'TLSv1:-SSLv3'
Error in cipher list
34379234072:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_lib.c:1294:

So, no negotiation would succeed in this case.

I find your CipherSuite quite problematic, by the way.  Why do you
enable eNULL there for instance?

Cheers,
-- 
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!   Live free or die


Re: Port Fetch Failing

2015-06-01 Thread Charles Swiger
On Jun 1, 2015, at 4:33 PM, Tim Daneliuk  wrote:
> Recently, I switched a web server here to rewriting and force every access
> to go over https.   This is a machine using self-signed certs and a fairly
> conservative set of protocol support.  Apache's cipher suite is set to this:
> 
> SSLCipherSuite  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL:-SSLv3:-SSLv2
> 
> These settings were derived from doing some reading and testing with SSL Labs
> test site and - thus far - I have seen no complaints except from the FreeBSD
> ports fetch.  I am getting grumpy emails from the master ports sites:
> 
> => tsshbatch-1.212.tar.gz doesn't seem to exist in /portdistfiles/.
> => Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz
> fetch: http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz: Not Found
> => Attempting to fetch http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz
> 72047:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:593:
> fetch: http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz: Authentication error
> => Couldn't fetch it - please try to retrieve this
> => port manually into /portdistfiles/ and try again.
> *** [do-fetch] Error code 1

The Qualys scanner is informative:

   https://www.ssllabs.com/ssltest/analyze.html?d=tundraware.com

You've disabled SSLv2 & v3, TLS 1.0 & 1.1, and enough of the standard ciphers
that only something which supports the newest ECDHE / GCM variants will likely
be able to connect.

If you want the majority of clients to be able to connect, you'll need to offer
TLS_RSA_WITH_AES_128_CBC_SHA in addition to TLS_RSA_WITH_AES_128_CBC_SHA256
and/or TLS_RSA_WITH_AES_256_CBC_SHA in addition to TLS_RSA_WITH_AES_256_CBC_SHA256.

Regards,
-- 
-Chuck



Re: Port Fetch Failing

2015-06-01 Thread Tim Daneliuk
On 06/01/2015 06:47 PM, Charles Swiger wrote:
> On Jun 1, 2015, at 4:33 PM, Tim Daneliuk  wrote:
>> Recently, I switched a web server here to rewriting and force every access
>> to go over https.   This is a machine using self-signed certs and a fairly
>> conservative set of protocol support.  Apache's cipher suite is set to this:
>>
>> SSLCipherSuite  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL:-SSLv3:-SSLv2
>>
>> These settings were derived from doing some reading and testing with SSL Labs
>> test site and - thus far - I have seen no complaints except from the FreeBSD
>> ports fetch.  I am getting grumpy emails from the master ports sites:
>>
>> => tsshbatch-1.212.tar.gz doesn't seem to exist in /portdistfiles/.
>> => Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz
>> fetch: http://distcache.FreeBSD.org/ports-distfiles/tsshbatch-1.212.tar.gz: Not Found
>> => Attempting to fetch http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz
>> 72047:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:593:
>> fetch: http://www.tundraware.com/Software/tsshbatch/tsshbatch-1.212.tar.gz: Authentication error
>> => Couldn't fetch it - please try to retrieve this
>> => port manually into /portdistfiles/ and try again.
>> *** [do-fetch] Error code 1
> 
> The Qualys scanner is informative:
> 
>    https://www.ssllabs.com/ssltest/analyze.html?d=tundraware.com
> 
> You've disabled SSLv2 & v3, TLS 1.0 & 1.1, and enough of the standard ciphers
> that only something which supports the newest ECDHE / GCM variants will likely
> be able to connect.
> 
> If you want the majority of clients to be able to connect, you'll need to offer
> TLS_RSA_WITH_AES_128_CBC_SHA in addition to TLS_RSA_WITH_AES_128_CBC_SHA256
> and/or TLS_RSA_WITH_AES_256_CBC_SHA in addition to TLS_RSA_WITH_AES_256_CBC_SHA256.
> 
> Regards,
> 


Thanks Chuck.  I was being ultra paranoid when I did this and lifted this
config from somewhere SSL Labs sent me to as I recall.   I've added the 256 bit
AES ciphers back in.  Hopefully, the noise will go away now.

I appreciate your prompt response.


-- 

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/



Re: Port Fetch Failing

2015-06-01 Thread Tim Daneliuk
On 06/01/2015 06:46 PM, Xin Li wrote:
> You seem to be using FreeBSD 9.x which does not support TLSv1.1 and
> TLSv1.2.  

No, it is 10.1-Stable

> Disabling SSLv3 ciphers means there would be no cipher available for
> TLSv1 negotiation:
> 
> % openssl ciphers 'TLSv1:-SSLv3'
> Error in cipher list
> 34379234072:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_lib.c:1294:
> 
> So, no negotiation would succeed in this case.
> 
> I find your CipherSuite quite problematic, by the way.  Why do you
> enable eNULL there for instance?

This is what happens when you are:  A) In a hurry and B) Paranoid and 
C) Willing to copypasta a config without thought :(

Thanks to you and Chuck, I have a more reasonable (I think):

SSLCipherSuite  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:-eNULL:-SSLv3:-SSLv2:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA256

Thanks for your prompt response,
-- 

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/



Re: Port Fetch Failing

2015-06-01 Thread Matthew D. Fuller
On Mon, Jun 01, 2015 at 07:02:57PM -0500 I heard the voice of
Tim Daneliuk, and lo! it spake thus:
>
> This is what happens when you are:  A) In a hurry and B) Paranoid and
> C) Willing to copypasta a config without thought :(
>
> Thanks to you and Chuck, I have a more reasonable (I think):
>
> SSLCipherSuite  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:-eNULL:-SSLv3:-SSLv2:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA256

That still looks awful weird.  Paranoid, and enabling +LOW?  If you're
having to explicitly list ciphers, you're probably on the wrong
path...

And I suspect the "-SSLv3:-SSLv2" isn't really what you want.  You
probably want to disable the _protocols_, not the _ciphers_.  e.g., on
a 10.x machine, I have

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
SSLProtocol All -SSLv2 -SSLv3

(I figure every extra character on the CipherSuite line means either
I'm way smarter, or way dumber.  And there's only so much smarter I
can get, so...)


-- 
Matthew Fuller (MF4839)   |  fulle...@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
   On the Internet, nobody can hear you scream.
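
The cipher-versus-protocol point made in the replies above, as an added example that is not part of the original thread: a simplified Python model of how OpenSSL's cipher-string operators edit the suite list. The suite table is a small constructed subset and the function names are hypothetical; `openssl ciphers -v '<string>'` on the server remains the authoritative check.

```python
"""Simplified model of OpenSSL cipher-string evaluation (added example).

CATALOGUE is a small constructed subset of suites, each with the protocol
tag that `openssl ciphers -v` shows on OpenSSL 1.0.x. It is not exhaustive.
"""

# suite name -> (protocol tag, selector tags)
CATALOGUE = {
    "ECDHE-RSA-AES128-GCM-SHA256": ("TLSv1.2", {"HIGH", "RSA"}),
    "AES256-SHA256":  ("TLSv1.2", {"HIGH", "RSA"}),
    "AES128-SHA256":  ("TLSv1.2", {"HIGH", "RSA"}),
    "AES256-SHA":     ("SSLv3", {"HIGH", "RSA"}),
    "AES128-SHA":     ("SSLv3", {"HIGH", "RSA"}),
    "RC4-SHA":        ("SSLv3", {"MEDIUM", "RC4", "RSA"}),
    "RC4-MD5":        ("SSLv3", {"MEDIUM", "RC4", "RSA", "MD5"}),
    "DES-CBC-SHA":    ("SSLv3", {"LOW", "RSA"}),
    "EXP-RC4-MD5":    ("SSLv3", {"EXP", "RC4", "RSA", "MD5"}),
    "ADH-AES128-SHA": ("SSLv3", {"HIGH", "ADH", "aNULL"}),
    "NULL-SHA":       ("SSLv3", {"eNULL", "RSA"}),
}
WEAK_TAGS = {"LOW", "EXP", "eNULL", "aNULL", "RC4", "MD5"}

# The two strings quoted in the thread.
ORIGINAL = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL:-SSLv3:-SSLv2"
SUGGESTED = "HIGH:MEDIUM:!aNULL:!MD5:!RC4"


def _matches(name, wanted):
    proto, tags = CATALOGUE[name]
    if wanted == {"ALL"}:
        return "eNULL" not in tags  # ALL leaves out NULL-encryption suites
    # "A+B" inside one rule means the suite must carry both tags.
    return wanted <= tags | {proto, name}


def evaluate(cipher_string):
    """Return the ordered suite list left after applying every rule."""
    active, killed = [], set()
    for rule in filter(None, cipher_string.split(":")):
        op = rule[0] if rule[0] in "+-!" else ""
        wanted = set(rule[len(op):].split("+"))
        hits = [n for n in CATALOGUE if _matches(n, wanted)]
        if op == "":      # bare selector: append suites not yet listed
            active += [n for n in hits if n not in active and n not in killed]
        elif op == "+":   # reorder only: move listed matches to the end
            active = ([n for n in active if n not in hits]
                      + [n for n in active if n in hits])
        else:             # "-" removes; "!" removes and forbids re-adding
            active = [n for n in active if n not in hits]
            if op == "!":
                killed.update(hits)
    return active


def offered_to(cipher_string, client_has_tls12):
    """Suites a client can negotiate; TLSv1.2-tagged suites need TLS 1.2."""
    return [n for n in evaluate(cipher_string)
            if client_has_tls12 or CATALOGUE[n][0] != "TLSv1.2"]


def weak_suites(cipher_string):
    """Listed suites that carry any tag in WEAK_TAGS."""
    return [n for n in evaluate(cipher_string) if CATALOGUE[n][1] & WEAK_TAGS]


if __name__ == "__main__":
    for label, s in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, "->", evaluate(s))
        print("  TLS 1.0-only client can use:", offered_to(s, False))
        print("  weak suites still listed:   ", weak_suites(s))
```

In this model `-SSLv3` in the cipher string strips every suite a pre-TLS 1.2 client could use, while the short string combined with `SSLProtocol All -SSLv2 -SSLv3` keeps the AES-CBC-SHA suites and drops the weak ones.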


Re: Port Fetch Failing

2015-06-01 Thread Roger Marquis

> Thanks to you and Chuck, I have a more reasonable (I think):
> SSLCipherSuite  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:-eNULL:-SSLv3:-SSLv2:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA256


Reasonable depends on the use case.  Though this topic would be better
discussed on freebsd-security@, the good advice given on
,

and  tends to recommend:

 SSLCipherSuite HIGH:MEDIUM:!IDEA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 SSLProtocol all -SSLv2 -SSLv3
 SSLCompression  off
 SSLHonorCipherOrder on

and if you're using httpd 2.3.3 or higher:

 SSLUseStapling  on
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache shmcb:/var/run/ocsp(128000)

If you're processing credit cards SSLProtocol will need to be expanded to
"-SSLv2 -SSLv3 -TLSv1" by 2016/07 (for PCI compliance) and if you have
good reason to be paranoid and all of your clients are up-to-date, add
"-TLSv1.1".

Roger Marquis


Re: Port Fetch Failing

2015-06-01 Thread Tim Daneliuk
On 06/01/2015 07:09 PM, Matthew D. Fuller wrote:
> On Mon, Jun 01, 2015 at 07:02:57PM -0500 I heard the voice of
> Tim Daneliuk, and lo! it spake thus:
>>
>> This is what happens when you are:  A) In a hurry and B) Paranoid and
>> C) Willing to copypasta a config without thought :(
>>
>> Thanks to you and Chuck, I have a more reasonable (I think):
>>
>> SSLCipherSuite  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:-eNULL:-SSLv3:-SSLv2:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA256
> 
> That still looks awful weird.  Paranoid, and enabling +LOW?  If you're
> having to explicitly list ciphers, you're probably on the wrong
> path...
> 
> And I suspect the "-SSLv3:-SSLv2" isn't really what you want.  You
> probably want to disable the _protocols_, not the _ciphers_.  e.g., on
> a 10.x machine, I have
> 
> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
> SSLProtocol All -SSLv2 -SSLv3

With your settings the site scores slightly more poorly than with mine as
reported by SSL Labs.

I will continue to tinker to find the sweet spot of browser compatibility with
best protection.  (The +LOW should have been -LOW.)


> 
> (I figure every extra character on the CipherSuite line means either
> I'm way smarter, or way dumber.  And there's only so much smarter I
> can get, so...)
> 
> 




-- 

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/



INDEX build failed for 8.x

2015-06-01 Thread Ports Index build
INDEX build failed with errors:
Generating INDEX-8 - please wait..--- describe.accessibility ---
--- describe.arabic ---
--- describe.archivers ---
--- describe.astro ---
--- describe.audio ---
--- describe.benchmarks ---
--- describe.biology ---
--- describe.cad ---
--- describe.chinese ---
--- describe.comms ---
--- describe.converters ---
--- describe.databases ---
--- describe.deskutils ---
--- describe.devel ---
--- describe.dns ---
--- describe.editors ---
--- describe.emulators ---
--- describe.finance ---
--- describe.french ---
--- describe.ftp ---
[...]
--- describe.print ---
--- describe.russian ---
--- describe.science ---
--- describe.security ---
--- describe.shells ---
--- describe.sysutils ---
--- describe.textproc ---
--- describe.ukrainian ---
--- describe.vietnamese ---
--- describe.www ---
--- describe.x11 ---
--- describe.x11-clocks ---
--- describe.x11-drivers ---
--- describe.x11-fm ---
--- describe.x11-fonts ---
--- describe.x11-servers ---
--- describe.x11-themes ---
--- describe.x11-toolkits ---
--- describe.x11-wm ---
 Done.
make_index: /home/indexbuild/tindex/ports/ports-mgmt/port-maintenance-tools: no entry for /home/indexbuild/tindex/ports/ports-mgmt/porteasy

Committers on the hook:
 amdmi3 jbeich 

Most recent SVN update was:
Updating '.':
D    textproc/hgrep
U    textproc/Makefile
U    security/vuxml/vuln.xml
D    ports-mgmt/porteasy
U    ports-mgmt/Makefile
U    MOVED
D    www/diamanda
U    www/Makefile
U    net-mgmt/netams/Makefile
U    games/wyrmgus/distinfo
A    games/wyrmgus/files
A    games/wyrmgus/files/patch-src_unit_script__unittype.cpp
U    games/wyrmgus/Makefile
A    games/supertuxkart/files/patch-src_audio_sfx__manager.cpp
U    games/wyrmsun/Makefile
U    games/wyrmsun/distinfo
U    games/tanks-of-freedom/Makefile
U    games/tanks-of-freedom/distinfo
Updated to revision 388300.


Re: SOLVED: pkg version mismatch [succeeds port...]

2015-06-01 Thread Jeffrey Bouquet via freebsd-ports


On 06/01/15 13:44, Lowell Gilbert wrote:
> [pkg@ snipped, because it's irrelevant]
>
> Jeffrey Bouquet via freebsd-ports  writes:
>
>> I noticed the ports tree here had net/uget 1.10.4_1 even after "svn up"... 
>> while
>> pkg upgrading installed 2.0.  "pkg version" (one of 3 ways) reported 
>> "succeeds port"... was about to post a question about pkg, but it can be 
>> fixed
>> by 
>>
>> cd /usr/ports/net/uget
>> svn revert . -R 
>>
>> [found at stackoverflow]
>>
>> [I've about thirty or so of those directories to fix up, for installed
>> ports... it seems].
>>
>> Wondering if the fix can be put in CAVEATS or something in the pkg version
>> man page... "for those using subversion..." 
>>
>> also if ever a man page with many examples is crafted for subversion on 
>> FreeBSD,
>> that could be one of them.
>>
>> Others:
>>
>> cd /usr/ports
>> svn resolve .
> These would not be useful to document unless you can document how you
> got into those situations in the first place. 

I think it was disk failure and svn did not like resuming the updates to the
directories newly crafted into a everyday install type system from backup.
[ I prefer keeping the same tree across years of updates because I am used
to saving build logs, .htm and .msg and .txt hint files, etc within the
directories. ... for easier reference]
> "svn revert" is only
> necessary if you made local changes to the sources under svn control,
I typically use it to build ports, say, that are broken due to no fetch
possible, for which I already have the sources, so I can "svn revert Makefile"
and similar uses.

> and even then usually if svn can't automatically merge upstream changes
> into yours. "svn resolve" is the way to sort out the merge if svn can't
> do it.
Just a few days ago I used "svn resolve" to tune the ports tree.  Maybe the
side effects of that, and/or the response I type to the svn questions
(always TC, always r, for those familiar with the two types... text and tree,
respectively) are what causes the version mismatches that were present.
[ OR the situation in the first paragraph above. ]

Part of a daily svn log:


 
Updating 'usr/ports':
. [snipped]
 Summary of conflicts:
Text conflicts: 0 remaining (and 2 already resolved)
Tree conflicts: 0 remaining (and 2 already resolved)
..


I tend to annotate uses into hint files (.txt .msg .dat .how .htm)
in /usr/src RE svn.
Has saved a ports tree from newly needing to be downloaded more than once.
>
> It sounds like you're not intending to make local changes at all. In
> that case, I'd recommend you use something else (probably portsnap) to
> maintain your ports tree.
I think, am not sure, that portsnap and svn are the only two. I prefer
the more cvs-like workings of svn, and have never used portsnap...  I think
the former enables one more fine-grained tuning unless one knows the workings
of the latter.  I could be wrong but...


Just information for the list... as a followup.  Not wanting to prolong
the thread without reason.



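An added example, not part of the original thread: one way to list which port directories in an svn-managed tree carry local modifications or unresolved conflicts, the state the thread above associates with "pkg version" reporting "succeeds port". The function names and the sample status lines are constructed for illustration; on a real tree, pipe `svn status /usr/ports` into `dirty_ports`.

```shell
#!/bin/sh
# dirty_ports: read `svn status` output on stdin and print one line per port
# directory (category/name) that has local changes or a conflict.
# $1 = tree root as it appears in the status output (default /usr/ports).
# Unversioned files ('?'), such as saved build logs and hint files, are
# ignored: they do not stop `svn up` from refreshing the port.
dirty_ports() {
    awk -v root="${1:-/usr/ports}/" '
        # svn status: 7 flag columns, one space, then the path.
        substr($0, 8, 1) != " " { next }
        {
            item = substr($0, 1, 1)      # column 1: item status
            tree = substr($0, 7, 1)      # column 7: tree conflict marker
            path = substr($0, 9)
            if (index(" ACDIMRX?!~", item) == 0) next   # summary text etc.
            if (index("ACDMR!~", item) == 0 && tree != "C") next
            if (index(path, root) == 1) path = substr(path, length(root) + 1)
            n = split(path, p, "/")
            key = (n >= 2) ? p[1] "/" p[2] : path
            if (item == "C" || tree == "C") state[key] = "conflict"
            else if (!(key in state)) state[key] = "modified"
        }
        END { for (k in state) printf "%s\t%s\n", k, state[k] }
    ' | LC_ALL=C sort
}

# Constructed sample of `svn status /usr/ports` output (not from the thread).
sample_status() {
    cat <<'EOF'
M       /usr/ports/net/uget/Makefile
M       /usr/ports/net/uget/distinfo
?       /usr/ports/net/uget/build.log
      C /usr/ports/games/wyrmgus/files
      >   local dir unversioned, incoming dir add upon update
C       /usr/ports/www/apache22/Makefile
?       /usr/ports/www/apache22/notes.txt
?       /usr/ports/multimedia/libav/hints.msg
Summary of conflicts:
  Text conflicts: 1
  Tree conflicts: 1
EOF
}
```

Directories reported as "modified" are candidates for `svn revert`, and those reported as "conflict" for `svn resolve`, matching the distinction drawn in the thread.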


cups, and hplip too, fail to recognize printer when I try to print

2015-06-01 Thread Thomas Mueller
I have a printer, HP_LaserJet_Professional_M1212nf_MFP, and seem to have set it 
up with cups after running hp-setup (not sure about whether hp-setup was 
successful), but when I run a command to print, I get "unknown printer", even 
though I copy/paste the overlong name with the mouse to avoid a typo.

lpoptions shows

copies=1 device-uri=socket://192.168.0.103 finishings=3 job-hold-until=no-hold 
job-priority=50 marker-change-time=0 number-up=1 
printer-commands=AutoConfigure,Clean,PrintSelfTestPage printer-info='HP 
LaserJet Professional M1212nf MFP' printer-is-accepting-jobs=true 
printer-is-shared=true printer-location=residence printer-make-and-model='HP 
LaserJet Professional m1212nf MFP, hpcups 3.14.10, requires proprietary plugin' 
printer-state=3 printer-state-change-time=1433062381 printer-state-reasons=none 
printer-type=8425484 
printer-uri-supported=ipp://localhost:631/printers/HP_LaserJet_Professional_M1212nf_MFP

lpstat -p -d shows

printer HP_LaserJet_Professional_M1212nf_MFP is idle.  enabled since Sun May 31 
08:53:01 2015
system default destination: HP_LaserJet_Professional_M1212nf_MFP

lp newslet/huberwinerycoupon.ps   produces

lpr: lp: unknown printer

lp -d HP_LaserJet_Professional_M1212nf_MFP newslet/huberwinerycoupon.ps   also 
produces

lpr: HP_LaserJet_Professional_M1212nf_MFP: unknown printer

lpr and lp have same effect, using huberwinerycoupon.pdf also fails just the 
same.

huberwinerycoupon.ps was produced from huberwinerycoupon.pdf by xpdf.

Is there something I can do to make this work, short of buying a new printer 
and/or switching to Linux, or buying and installing MS-Windows?

Is cups (I have latest version, 1.7.3) broken or just user-hostile?

I've long known that cups is not user-friendly.

From NetBSD (current, 7.99.15, i386), on the other computer, I fail the same 
way.

I did build and install emulators/wine-devel on the other computer in 
NetBSD-current (7.99.15) from pkgsrc for both i386 and amd64; I could try that 
with the Windows software.

I also intend to build and install wine-devel for FreeBSD from ports, both i386 
and amd64, not only for printing.

Tom



Re: Re: Fwd: Re: svn commit: r386904 - in head/www/apache22: . files

2015-06-01 Thread Olli Hauer
   One case where this can happen is the dh generation was interrupted
   during the build.
   The upcoming apache2.2 will no longer require such a hack because
   mod_ssl has undergone a huge rewrite.
   --
   Sent from my Android phone with GMX Mail. Please excuse my brevity.

   Bryan Drewery  wrote:

 On 5/31/2015 8:29 AM, Adam McDougall wrote:
 > Is anyone else getting this issue? I had to revert the change on my systems.
 > Thanks.
 >
 Yes it looks incomplete. Nothing is providing get_dh2048.
 > work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:static DH *get_dh512(void)
 > work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c:static DH *get_dh1024(void)
 > work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c: dh = get_dh2048();
 > work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c: dh = get_dh3072();
 > work/httpd-2.2.29/modules/ssl/ssl_engine_dh.c: dh = get_dh3072();
 The module is only providing 512 and 1024 but not 2048 and 3072 symbols.
 --
 Regards,
 Bryan Drewery


INDEX now builds successfully on 8.x

2015-06-01 Thread Ports Index build



NodeJS on ARM

2015-06-01 Thread Matthias Gamsjager
Hi,

I was wondering what are the missing bits and pieces to get nodejs
running on ARM? Still get the error from ports on a RPI2 running
CURRENT.

-
Matthias