Moving / renaming OpenSSL ports

2018-08-17 Thread Bernard Spil 

Hi All,

I've received a request to update the security/openssl-devel port to 
1.1.1 (see https://bugs.freebsd.org/230679).


When 1.1.0 was added to the tree, I recall that I've had discussions 
about the name of the port (openssl11, openssl-devel). Can't find the 
thread, but we ended up with security/openssl-devel.


This decision is now getting in our way.
  1. OpenSSL 1.1.0 is NOT -devel, it is a release that some people 
actually use
  2. There IS a development version 1.1.1 (currently pre8 / beta 6) 
which people like to use [1]
  3. Hopefully we'll update the regular security/openssl port to 1.1.1 
soon but what for ports that can't work with OpenSSL 1.1? [2]


My current feeling is that we should rename security/openssl-devel to 
security/openssl110, add the security/openssl111 port and leave the 
option open to have a security/openssl10 port for those so inclined once 
security/openssl is updated to 1.1.x branch.


Would like to receive more input and views on the matter.

Cheers, Bernard.

[1]: I maintain a security/openssl-master port for OpenSSL 1.1.1 on 
https://github.com/Sp1l/openssl-master
[2]: I document fall-out, patches and PRs on 
https://wiki.FreeBSD.org/OpenSSL
PS: There's also a security/openssl-unsafe ports for use with ports like 
sslscan, testssl.sh (category debatable)

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Moving / renaming OpenSSL ports

2018-08-19 Thread Bernard Spil 

On 2018-08-19 0:25, Dewayne Geraghty wrote:

Bernard,
Given the silly way that the openssl crew have decided to name their
releases I think this is a good approach for the moment.  I wonder how
they'll number an update to 1.1  :)  (1.1A 1.2?) or what an update to
1.1.1 - a rod for their own back, I think it a pity the TLS folks did
not use 2.0 rather than 1.3).

I've used your wikis a great deal and have found your proactive
engagement a delight.

Yes I still build all amd64 ports with libressl.  I'm considering
migration to libressl-devel because I think this will remove some
security/libressl tweak complexity.  ;)

After reviewing your FOSDEM slides -
- yes there are ports that use base even when told not to, so for 
libssl
| libcrtypo - I just remove them, though I do replace them with 
symlinks.
- I hadn't seen this SSL_OP_SINGLE_DH_USE before.  We regenerate DH on 
a

daily basis in background, so for us its preferred.
- slide 17 - building without openssl creates deficient libarchive,
which is ok if you pull via curl and one of the archiver/ tar-like
files.  Problematic for most users.
- thank-you for drawing my attention to this PRIVATELIB=true  WOW!
Great!  I'll also search ports for any use of USEPRIVATELIB so I can
remove the line ;)
- pkg is a problem.  We rebuild required ports then remove all ports
(pkg delete -a), install (via tar) the key ones, then rebuild
everything.  Convoluted but effective for our purposes

Excellent presentation, summary of history and references.

Kind regards, Dewayne
ps I use security/heimdal ports for all production servers, we build
1200+ ports each month - it catches a lot of mismatches.  The
recommendation to use MIT for anything is unfortunate - why provide the
US the opportunity for additional sanctions :)  I've found heimdal to 
be

ridiculously stable in production AND predictable.


Hi Dewayne,

Thanks for your response! Waiting for some more people to chime in 
before I pull any triggers.


As for libressl-devel, there's no ABI changes sofar and I haven't really 
seen any benefits of using 2.8 over 2.7 sofar. Have you seen anything 
specific?


Heimdal is one of the blockers for updating OpenSSL to 1.1 in base :D

Cheers, Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Mk/Uses/ssl.mk and OpenSSL 1.1.x in base

2018-10-20 Thread Bernard Spil 

Hi,

FreeBSD 12 has switched to OpenSSL 1.1 in 1200085 
(https://svnweb.freebsd.org/changeset/base/r339270) and there's 
considerable fall-out in packages as a result.


The fall-out in packages should align nicely with the results of 
building with security/openssl-devel or security/openssl111 (see 
https://wiki.freebsd.org/OpenSSL/1.1.0 and 
https://wiki.freebsd.org/OpenSSL/1.1.1 respectively).


Many ports are already marked BROKEN_SSL= openssl-devel, and openssl111 
should be added to these ports as well (see 
https://reviews.freebsd.org/D17136)


Should we extend Mk/Uses/ssl.mk to include a check for BROKEN_SSL= 
openssl-devel|openss111 and __FreeBSD_version >= 1200085?


Cheers, Bernard.

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: on current, pkg install openssl kills pkg

2018-10-27 Thread Bernard Spil 

On 2018-10-17 0:26, Julian H. Stacey wrote:

Hi po...@freebsd.org
cc br...@freebsd.org maintaine= of ports/security/openssl

On current, 12.0-ALPHA9, this kills pkg:
pkg install openssl

uname -r#  12.0-ALPHA9
cd /usr/src
cat .ctm_status # src-cur 13733
cat .svn_revision   # 339303

  pkg install openssl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
  openssl: 1.0.2p_1,1
Number of packages to be installed: 1
The process will require 12 MiB more space.
3 MiB to be downloaded.
[1/1] Fetching openssl-1.0.2p_1,1.txz: 100%3 MiB 626.9kB/s  
  00:05

Checking integrity... done (0 conflicting)
[1/1] Installing openssl-1.0.2p_1,1...
[1/1] Extracting openssl-1.0.2p_1,1: 100%
Message from openssl-1.0.2p_1,1:
Edit /usr/local/openssl/openssl.cnf to fit your needs.

  pkg install openvpn
ld-elf.so.1: /usr/local/lib/libcrypto.so.9: version
OPENSSL_1_1_0 required bysr/local/lib/libpkg.so.4 not defined

That ld-elf message was rather too opaque for me.
I fumbled with various libs to no good effect, copying from another 
host,

& reinstalling from current ports/ports-mgmt/pkg etc,
Nothing fixed it till I used another AMD+NFS mounted current host:

/host/lapr/usr/local/sbin/pkg delete openssl

Comments please ?  Meaning ? How to prevent / fix it ?

its just that one package, I'm rebuilding & up to here OK:
pkg info -a | wc -l # 1062
using
foreach i ( `fetch -o -
http://berklix.com/~jhs/src/bsd/fixes/freebsd/packages/to_pkg_install`
)
echo DOING $i
pkg install -y $i
done

Ive removed openssl from my list of package to install, nothing else
wants it so far.
It used to be in my ports/security/Makefile.inc to support
cd /usr/ports/x11-servers/xorg-server;make
But I'll just leave it to automatic depend from now on.

Cheers,
Julian


Hi Julian,

Bit late to the party, but you're most likely hit by the update of 
crypto/openssl to 1.1.1 in base. There's another change the past days 
where the libraries have been renamed to libcrypto.so.111 and 
libssl.so.111 which might hit you too.


Cheers, Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: FreeBSD 11.2-RELEASE (64bit) databases/mariadb103-server

2018-11-12 Thread Bernard Spil 

On 2018-11-12 19:13, Leander Schäfer wrote:

Hello,

databases/mariadb103-server doesn't want to build any more. I use
poudriere to build own local package repositories. It seems like one of
the two last updates broke databases/mariadb103-server port for me:
- 12 Nov 2018 16:58:52 or
- 10 Nov 2018 14:11:46

https://www.freshports.org/databases/mariadb103-server/

My make.conf looks like this:

DEFAULT_VERSIONS+=php=71
DEFAULT_VERSIONS+=pgsql=9.6
DEFAULT_VERSIONS+=mysql=8.0
DEFAULT_VERSIONS+=samba=4.8
DEFAULT_VERSIONS+=python=2.7 python2=2.7 python3=3.6
DEFAULT_VERSIONS+=ssl=openssl

The options of databases/mariadb103-server are left default except
GSSAPI_NONE.

OPTIONS_FILE_SET+=CONNECT_EXTRA
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=WSREP
OPTIONS_FILE_UNSET+=LZ4
OPTIONS_FILE_UNSET+=LZO
OPTIONS_FILE_UNSET+=SNAPPY
OPTIONS_FILE_UNSET+=ZSTD
OPTIONS_FILE_SET+=INNOBASE
OPTIONS_FILE_UNSET+=MROONGA
OPTIONS_FILE_UNSET+=OQGRAPH
OPTIONS_FILE_UNSET+=ROCKSDB
OPTIONS_FILE_SET+=SPHINX
OPTIONS_FILE_SET+=SPIDER
OPTIONS_FILE_UNSET+=TOKUDB
OPTIONS_FILE_UNSET+=ZMQ
OPTIONS_FILE_UNSET+=MSGPACK
OPTIONS_FILE_UNSET+=GSSAPI_BASE
OPTIONS_FILE_UNSET+=GSSAPI_HEIMDAL
OPTIONS_FILE_UNSET+=GSSAPI_MIT
OPTIONS_FILE_SET+=GSSAPI_NONE


[...]

--- storage/connect/CMakeFiles/connect.dir/all ---
[ 87%] Building CXX object
storage/connect/CMakeFiles/connect.dir/ha_connect.cc.o
cd
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10/storage/connect
&& /usr/local/libexec/ccache/c++  -DFORCE_INIT_OF_VARS -DGZ_SUPPORT
-DHAVE_CONFIG_H -DHUGE_SUPPORT -DLIBXML2_SUPPORT -DLINUX -DMARIADB
-DMYSQL_DYNAMIC_PLUGIN -DNOCRYPT -DODBC_SUPPORT -DUBUNTU -DUNIX
-DVCT_SUPPORT -DXMAP -DZIP_SUPPORT -Dconnect_EXPORTS
-I/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10/include
-I/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10/sql
-I/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10/pcre
-I/usr/local/include -I/usr/local/include/libxml2 -O2 -pipe
-fstack-protector -isystem /usr/local/include -fno-strict-aliasing 
-isystem /usr/local/include -Wl,-z,relro,-z,now -fstack-protector
--param=ssp-buffer-size=4 -fno-rtti -Wall -Wmissing-declarations
-Wno-unused-function -Wno-unused-variable -Wno-unused-value
-Wno-parentheses -Wno-strict-aliasing -Wno-implicit-fallthrough
-fpermissive -fexceptions -fPIC  -O2 -pipe -fstack-protector -isystem
/usr/local/include -fno-strict-aliasing  -isystem /usr/local/include
-D_FORTIFY_SOURCE=2 -DDBUG_OFF -fPIC -o
CMakeFiles/connect.dir/ha_connect.cc.o -c
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10/storage/connect/ha_connect.cc
--- extra/mariabackup/CMakeFiles/mariabackup.dir/all ---
/usr/bin/ld: mariabackup: hidden symbol
`_Z31fil_space_verify_crypt_checksumPhRK11page_size_tmm' isn't defined
/usr/bin/ld: final link failed: Nonrepresentable section on output
c++: error: linker command failed with exit code 1 (use -v to see
invocation)
*** [extra/mariabackup/mariabackup] Error code 1

make[3]: stopped in
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10
1 error

make[3]: stopped in
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10
*** [extra/mariabackup/CMakeFiles/mariabackup.dir/all] Error code 2

make[2]: stopped in
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10
--- storage/innobase/CMakeFiles/innobase.dir/all ---
Scanning dependencies of target innobase
A failure has been detected in another branch of the parallel make

make[3]: stopped in
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10
*** [storage/innobase/CMakeFiles/innobase.dir/all] Error code 2

make[2]: stopped in
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10
--- plugin/metadata_lock_info/CMakeFiles/metadata_lock_info.dir/all ---
c++: warning: -Wl,-z,relro,-z,now: 'linker' input unused
[-Wunused-command-line-argument]
--- storage/blackhole/CMakeFiles/blackhole.dir/all ---
c++: warning: -Wl,-z,relro,-z,now: 'linker' input unused
[-Wunused-command-line-argument]
--- storage/federatedx/CMakeFiles/federatedx.dir/all ---
c++: warning: -Wl,-z,relro,-z,now: 'linker' input unused
[-Wunused-command-line-argument]
--- storage/test_sql_discovery/CMakeFiles/test_sql_discovery.dir/all 
---

A failure has been detected in another branch of the parallel make

make[3]: stopped in
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10
*** [storage/test_sql_discovery/CMakeFiles/test_sql_discovery.dir/all]
Error code 2

make[2]: stopped in
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10
--- plugin/qc_info/CMakeFiles/query_cache_info.dir/all ---
A failure has been detected in another branch of the parallel make

make[3]: stopped in
/wrkdirs/usr/ports/databases/mariadb103-server/work/mariadb-10.3.10
--- storage/spider/CMakeFiles/spider.dir/all ---
c++: warning: -Wl,-z,relro,-z,now: 'linker' input unused
[-Wunused-command-line-argument]
--- plugin/qc_info/CMakeFiles/query_cache_info.dir

Re: MariaDB 1.3.27 overwrites customized my.cnf

2020-12-09 Thread Bernard Spil 

On 2020-12-04 12:29, Miroslav Lachman wrote:

Am I the only one who sees this (critical) problem after upgrade from 
MariaDB 10.3.23 to newer version (10.3.25 or 10.3.27)?


There is our customized fine-tuned /usr/local/etc/my.cnf for years 
untouched by pkg install or pkg upgrade. After the last pkg upgrade 
MariaDB cannot (re)start because my.cnf was replaced with some generic 
file which contains this:


#
# This group is read both by the client and the server
# use it for options that affect everything
#
[client-server]

#
# include *.cnf from the config directory
#
!includedir /usr/local/etc/mysql/conf.d

But the directory /usr/local/etc/mysql/conf.d is empty. If something 
silently replaces my config file I would expect it to move my file to 
proper location which is not the case. My file is simply replaced and 
configuration of MariaDB is lost and daemon cannot be (re)started any 
more. I think this is POLA, should be mentioned in UPDATING and 
pkg-message.

The only way to make it work again is restore my.cnf from backup.

I filled  bug report as PR 251550
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251550

It seems really critical to me but I am surprised nobody else reported 
this.


This is on FreeBSD 11.4 amd64 with packages built in our Poudriere

Options:
CONNECT_EXTRA  : off
DOCS   : off
GSSAPI_BASE: off
GSSAPI_HEIMDAL : off
GSSAPI_MIT : off
GSSAPI_NONE: on
INNOBASE   : on
LZ4: on
LZO: on
MROONGA: off
MSGPACK: off
OQGRAPH: off
ROCKSDB: off
SNAPPY : off
SPHINX : on
SPIDER : on
TOKUDB : off
WSREP  : on
ZMQ: off
ZSTD   : off

Kind regards
Miroslav Lachman


Fixed in mariadb103-client-10.3.27_1

Very sorry for this, that was very bad. I hope you have a backup of your 
my.cnf!

___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: FreeBSD Port: py27-letsencrypt-0.0.0.d20151123

2015-12-03 Thread Bernard Spil 

On 2015-12-03 14:22, Kubilay Kocak wrote:

On 4/12/2015 12:02 AM, Ruud Boon wrote:

Hi,

Thnx for maintaining the letsencrypt port!
I’m wondering if you have any plans to upgrade to the just release 
v0.1.0?


Cheers,
Ruud



You're welcome :)

Bernard (cc'd) just landed the 20151123 update 2 days ago (I'm not sure
how far off 0.1.0 that version is):

https://svnweb.freebsd.org/ports/head/security/py-letsencrypt/Makefile?revision=402668&view=markup

If 0.1.0 has been tagged in the upstream repo, I doubt it will be long
before a patch/review is submitted to update it :)

Thanks for getting in touch!

./koobs


Seems that I am 15 hours behind!!!

Patches coming up :D

Kind regards,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: FreeBSD Port: py27-letsencrypt-0.0.0.d20151123

2015-12-03 Thread Bernard Spil 

On 2015-12-03 14:22, Kubilay Kocak wrote:

On 4/12/2015 12:02 AM, Ruud Boon wrote:

Hi,

Thnx for maintaining the letsencrypt port!
I’m wondering if you have any plans to upgrade to the just release 
v0.1.0?


Cheers,
Ruud



You're welcome :)

Bernard (cc'd) just landed the 20151123 update 2 days ago (I'm not sure
how far off 0.1.0 that version is):

https://svnweb.freebsd.org/ports/head/security/py-letsencrypt/Makefile?revision=402668&view=markup

If 0.1.0 has been tagged in the upstream repo, I doubt it will be long
before a patch/review is submitted to update it :)

Thanks for getting in touch!

./koobs


There you go
https://github.com/Sp1l/ports/tree/master/security/py-acme
https://github.com/Sp1l/ports/tree/master/security/py-letsencrypt

or svn diff
https://github.com/Sp1l/ports/blob/master/patches/patch-security_py-letsencrypt%2Bacme-0.1.0

Review here
https://reviews.freebsd.org/D4360 (includes patch)

Some rough edges in the patch still, but will be resolved soon

Thanks for reporting,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Please review for Letsencrypt 0.1.0 public BETA (today!)

2015-12-03 Thread Bernard Spil 

On 2015-12-03 16:28, Ruud Boon wrote:

Awesome!!

Thnx again!


On 03 Dec 2015, at 16:11, Bernard Spil  wrote:

On 2015-12-03 14:22, Kubilay Kocak wrote:

On 4/12/2015 12:02 AM, Ruud Boon wrote:

Hi,
Thnx for maintaining the letsencrypt port!
I’m wondering if you have any plans to upgrade to the just release 
v0.1.0?

Cheers,
Ruud

You're welcome :)
Bernard (cc'd) just landed the 20151123 update 2 days ago (I'm not 
sure

how far off 0.1.0 that version is):
https://svnweb.freebsd.org/ports/head/security/py-letsencrypt/Makefile?revision=402668&view=markup
If 0.1.0 has been tagged in the upstream repo, I doubt it will be 
long

before a patch/review is submitted to update it :)
Thanks for getting in touch!
./koobs


Seems that I am 15 hours behind!!!

Patches coming up :D

Kind regards,

Bernard.


Hi Carlos, Kubilay,

Can you please review D4360? Public BETA of Letsencrypt opens today and 
this 0.1.0 release arrives in line with the release. Would be great to 
get it in the first day.


Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: 2016Q2 - no Mk/Uses/mysql.mk

2016-06-28 Thread Bernard Spil 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2016-06-28 16:58, Mathieu Arnold wrote:
> +--On 28 juin 2016 10:30:10 -0400 Dan Langille  wrote:
> |> On Jun 28, 2016, at 7:56 AM, Mathieu Arnold  wrote:
> |>
> |>
> |>
> |> +--On 27 juin 2016 17:22:56 -0400 Dan Langille  wrote:
> |> | I've been working with the 2016Q2 branch with respect to FreshPorts.
> |> |
> |> | I tried running make -V on branches/2016Q2 and it failed with:
> |> |
> |> | Error message is: make: "/usr/local/repos/PORTS-2016Q2/Mk/bsd.port.mk"
> |> | line 1433: Cannot open /usr/local/repos/PORTS-2016Q2/Mk/Uses/mysql.mk
> |> |
> |> | It seems that recent changes to Mk also need to be backported to
> |> | branches if there is a commit on that branch.
> |>
> |> Well, no, people merging things are supposed to check what they are doing
> |> and not commit stupid patches, which is the case here.
> |>
> |> Which port has USES=mysql on 2016Q2 ?
> |
> | Log:
> |   MFH: r416066
> |
> |   net-mgmt/cacti: 0.8.8g -> 0.8.8h
> |
> | It appears to have already been fixed in Revision 416207:
> |
> | - no USES=mysql allowed in the quarterly branch
> |
> | re
> | https://svnweb.freebsd.org/ports/branches/2016Q2/net-mgmt/cacti/Makefile?
> | view=log
> |  | ?view=log>
> |
> | Ooops.  Sorry for the noise.  I'll look at the new commits on that port.
> | I was analyzing commits which FreshPorts had difficulty processing.
> |
> | Nothing to see here. Please move along...
> 
> Well, no, the noise is good, it should be reported to the committer that
> did the commit, like other breakage are, so that said committer knows and
> fixes the problem.

Just lucky that it wasn't me. Good thing to keep in mind with these
kinds of changes! Usually only the actual update is committed, not a
check for these kinds of changes to the ports framework!

I've got some Python patches in review that now have USES= ssl which
would break in Q2 as well! Luckily no security fixes in there afaik.

Cheers,

Bernard.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJXctaeAAoJEHT7/r+FArC0rzsP/jx32UsjVtA8dgYHCf+gM7mt
gz55FCOT7XI+m13nAZWpI3VfsW2MuA99j/B/npXMfDSqixGSDfZyFq0Xr+MPP9UU
b48TGrXbEUVQvkG4dRy5WK/J0XcqwO2x+ajD29lJtHZE/2aTMrBoXRYYifQkx0ew
iDftQDlauGp8usNjgAVrZffRkj0q0v2cQGcepL8iqHuKXA63b9dsxV65BeIUFLPE
hnL+AneFqiaXa9zSc72/o3PS173Y8d3XaSxPjw4pRBBuD4mDDadAdebUz/ZCVwug
k6g+LsVs+iqjn8nq1O6wgqJHh7LKLU04WGSPYHSUl7ErzmBOlxKJleFM3gOur2Og
9qy/dLwvftlNtEZ/8aI00ZVcKd4kzyoYZxa215g3A+vd+zDOTSPOWE3VgNoyf4KK
NHrKkrKH3f7/5um4RBuJf69lFs1X7RNuPPCXONnO1t3xDDOeOFAseKrQodDqfTo2
nC9X/Kf1cHi/wU9aF0DqttJj10fXdjbkthcKlSZ+dwk6p+wEEwLorbXrGI00f/aG
R6UFa5XhdQxkBYGiBKwPaNTEsNoGo0BhK48z5oknt9rv6Psm8C7Sa99euCVFMxqY
FftKkp3Iy731AnrApWkzaDd9CNtkvomhYZklx1rG/cqOq+0Xz+clFV1BADSZS2T1
Bd+0Wkqzm5WA7FDgjNOP
=WchY
-END PGP SIGNATURE-
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Update to mariadb101-client-10.1.16 failure

2016-07-24 Thread Bernard Spil 

On 2016-07-24 14:25, Jim Ohlstein wrote:

Hello,

On 07/24/16 05:42, Mark J. Carpio wrote:

Hello all,

I am seeing an issue when attempting to update mariadb10.1

uname:

   FreeBSD 10.3-RELEASE-p4 #0: Sat May 28 12:23:44 UTC 2016
   r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC 
amd64



Error seen during portmaster update:

   ===>  Applying FreeBSD patches for mariadb101-client-10.1.16

1 out of 7 hunks failed--saving rejects to scripts/CMakeLists.txt.rej
=> Patch patch-scripts_CMakeLists.txt failed to apply cleanly.
=> Patch(es) patch-CMakeLists.txt patch-client_CMakeLists.txt
patch-cmake_ssl.cmake patch-extra_CMakeLists.txt
patch-include_CMakeLists.txt patch-include_my__compare.h
patch-libmysql_CMakeLists.txt patch-libservices_CMakeLists.txt
patch-man_CMakeLists.txt patch-mysys_my__default.c
patch-pcre_CMakeLists.txt applied cleanly.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/databases/mariadb101-client
*** Error code 1

Stop.
make: stopped in /usr/ports/databases/mariadb101-client

===>>> make build failed for databases/mariadb101-client
===>>> Aborting update

===>>> Update for databases/mariadb101-client failed
===>>> Aborting update



Seeing the same thing, cc'd maintainer.

--
Jim


Hi Jiim,

Can you check again (update your ports tree)? I believe I fixed this 
issue earlier today. Initially I only submitted the update to -server, 
today I committed the changes to -client.


Cheers,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: mariadb101-server vulnerability?

2016-08-08 Thread Bernard Spil 

On 2016-08-06 23:17, Mark Felder wrote:

On Sat, Aug 6, 2016, at 07:34, Kubilay Kocak wrote:

On 6/08/2016 7:23 AM, Michael Grimm wrote:
> Hi —
>
> Kubilay Kocak  wrote:
>
>> Unfortunately you are yet one more example of a user that's been left in
>> the lurch without information or recourse wondering (rightfully) how
>> they can resolve or mitigate this vulnerability. Our apologies.
>
> While we are that topic, I am wondering about that 14 days old warning, as 
well:
>
>mariadb101-server-10.1.16 is vulnerable:
>MySQL -- Multiple vulnerabilities
>CVE: CVE-2016-3452
> [long list of CVEs snipped]
>CVE: CVE-2016-3477
>https://vuxml.FreeBSD.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html
>
> I really do not know how serious this report is. Every feedback is highly 
appreciated.

Hi Michael:

Bug:  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211274

Your comment on that issue would be appreciated.

The parent issue (assigned to ports-secteam (cc'd)) for coordinating 
the

multiple vulnerable ports is:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211248




From what I can see MariaDB hasn't released an update to address these
issues yet. I believe Oracles does not coordinate release of security
issues with third parties / forks. This has probably caught MariaDB off
guard and they're likely waiting for access to the relevant commits to
import the fixes.


Hi Mark,

The CVE's mention MariaDB where applicable.

Added versions where these vulns were fixed for MariaDB. PerconaDB 
follows the MySQL release numbering and has also received updates so I 
added version checks there as well.


See https://svnweb.freebsd.org/ports?view=revision&revision=419813

Cheers,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Upcoming OpenSSL 1.1.0 release

2016-08-24 Thread Bernard Spil 

On 2016-08-23 14:42, Matt Smith wrote:

On Aug 22 20:39, Mathieu Arnold wrote:

ports-committers is a *NEVER POST DIRECTLY TO* list, so, moving it to
ports@ where this belongs a lot more.

+--On 22 août 2016 20:30:15 +0200 Bernard Spil  
wrote:
| Curious to know how we should procede with the upgrade of the 
OpenSSL

| port to 1.1.0!

All ports need to work with it, I'm sure software like BIND9 do not 
build

with it.

-- Mathieu Arnold


Going slightly off-topic, I'm curious what the opinion is around this
and LibreSSL. My understanding is that LibreSSL was forked from OpenSSL
1.0.1 and they have not backported newer stuff from OpenSSL. I also
believe OpenSSL now has several full time paid developers working on it
and that the 1.1 release has some significant changes under the hood?

I've been using LibreSSL for a while so that I can get chacha20 support
but OpenSSL 1.1 will not only have chacha20, but will also have x25519
support as well. This along with what I said above is making me think 
it

might be better to go back to OpenSSL.

I just wondered what people in the know think about the current
situation with these two things. Plus are there any roadmaps for the
future of FreeBSD regarding the defaults. Is the project ever going to
look at making LibreSSL the default port, or will that be kept as
OpenSSL for many years to come? I know Bernard has been looking into
that and playing around with LibreSSL in base etc. Just curious what 
the

official policy is going to be on that.


Hi Matt,

Today new vulnerabilities with (3)DES and BlowFish were made public and 
I believe we'll see release of another paper which is OpenSSL 1.1 
related with the release of OpenSSL 1.1.0. I have no knowledge if the 
paper/report contained vulnerabilities that have postponed the release 
of 1.1.0 but I think that is likely. That would mean that these 
vulnerabilities have been solved pre-release.


As far as I know x25519 is still a Draft RFC so unlikely to appear in 
browsers for a while. I can see LibreSSL adding this as well, whether in 
the draft version or in the final. This they did with ChaCha20/Poly1305 
as well (draft in 2.3, release in 2.4). The LibreSSL devs would have 
closed the request if they didn't intend to support it 
https://github.com/libressl-portable/portable/issues/114


I don't think that FreeBSD will be making LibreSSL the libssl/libcrypto 
provider any time soon. The support timelines for LibreSSL (<1.5 years) 
are just too short for the FreeBSD release support (>3 years). OpenSSL 
is speeding up the release cycle as well but at least we can rely on 
RedHat to backport changes to older versions.


LibreSSL in base is a bit more than playing, it is becoming the default 
in HardenedBSD very soon and very likely in TrueOS (AKA PC-BSD) as of 
11.0 RELEASE. Both HardenedBSD and TrueOS have a different attitude 
towards updating things in the base system as they do not serve as 
upstream to other projects/products that require longer support 
timelines. Come see my talk at EuroBSDCon, it will contain LibreSSL in 
base things.


Cheers,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Upcoming OpenSSL 1.1.0 release

2016-08-25 Thread Bernard Spil 

On 2016-08-24 22:08, Lowell Gilbert wrote:

Bernard Spil  writes:


Today new vulnerabilities with (3)DES and BlowFish were made public


You're referring to something different than the HTTPS/OpenVPN
attacks?  Because it really wouldn't be accurate to describe those
as vulnerabilities in the ciphers.


Hi Lowell,

Correct. And that is indeed not a vulnerability in the cipher. As far as 
I know all cipher suites in use that support DES or 3DES use CBC mode 
and are vulnerable. Disabling DES and 3DES therefore makes sense to me.


Cheers,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Upcoming OpenSSL 1.1.0 release

2016-08-28 Thread Bernard Spil 
On Sun, Aug 28, 2016 at 5:01 PM, Bernard Spil  wrote:
> 2016-08-27 11:18 GMT+02:00 Dirk Meyer :
>> Hallo Ollivier Robert,
>>
>>> [01:19:54] >> Failed ports: lang/go14:build security/libssh2:build 
>>> devel/libevent2:build archivers/libarchive:build lang/python27:package 
>>> security/trousers:build lang/python34:package devel/apr1:configure 
>>> lang/ruby23:package dns/ldns:configure databa
>>> ses/freetds:build www/libwww:configure ftp/lftp:build 
>>> security/pkcs11-helper:build security/php56-openssl:build www/lynx:build 
>>> net-p2p/libtorrent:build security/cyrus-sasl2:build dns/bind910:configure 
>>> mail/postfix-current:build mail/dovecot2:build lang/r
>>> uby22:package ftp/wget:configure www/nginx-devel:build dns/bind99:configure 
>>> www/aria2:build
>>>
>>> Most of them were building before (exception is go14 which is always 
>>> failing on my poudriere but I know why).
>>
>> a number of your ports failing with openssl-devel-1.1.0
>> builds fine with my version of openssl-1.1.0 in ports:
>>
>> archivers/libarchive
>> devel/apr1
>> devel/libevent2
>> dns/bind910
>> dns/ldns
>> net-p2p/libtorrent
>> security/php56-openssl
>> security/cyrus-sasl2
>> security/trousers
>> www/lynx
>>
>> For them there are no regressions with the update of security/openssl I an 
>> testing.
>>
>> kind regards Dirk
>>
>> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
>> - [dirk.me...@dinoex.sub.org],[dirk.me...@guug.de],[din...@freebsd.org]
>>
>
> Hi All,
>
> There were indeed some issues with my openssl-devel port. I'm now
> finishing up aligning it with the port that Dirk committed (and that
> was reverted pending more testing). List of fixes below and a patch
> for security/openssl-devel to follow soon.
>
>   1. ASM : Some error in OpenSSL's configure, adding `asm` to
> configure_args triggers failure
>   2. ldconfig: SHARED_USE_LDCONFIG doesn't work, switch to SHARED_USE=
> ldconfig=yes
>   3. Rework options handling to upstream default off and default on
>  a. default-off, to enable use enable-opt
>  b. default-on, to disable use no-opt
>
> This does NOT fix the build issue(s?) yet. bind910 fails on the
> removed openssl/dso.h header file and the DSO_METHOD_dlfcn having been
> removed completely. Removing that test makes build fail on missing
> ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED which is unrelated to DSO I
> believe.
>
> Checked devel/apr1 shortly and that fails on a missing EVP_PKEY_CTX_new.
>
> I had already opened a PR for an exp-run with openssl-devel to see how
> much fixing we need with OpenSSL 1.1.0
>
> Started a wiki page to list issues, solutions etc.
>
> Propose to update the security/openssl-devel port with the attached
> patch and use that to do an exp-run so we can uncover all failing
> ports.
>
> Cheers,
>
> Bernard.
>
>
> On Sat, Aug 27, 2016 at 11:18 AM, Dirk Meyer  
> wrote:
>> Hallo Ollivier Robert,
>>
>>> [01:19:54] >> Failed ports: lang/go14:build security/libssh2:build 
>>> devel/libevent2:build archivers/libarchive:build lang/python27:package 
>>> security/trousers:build lang/python34:package devel/apr1:configure 
>>> lang/ruby23:package dns/ldns:configure databa
>>> ses/freetds:build www/libwww:configure ftp/lftp:build 
>>> security/pkcs11-helper:build security/php56-openssl:build www/lynx:build 
>>> net-p2p/libtorrent:build security/cyrus-sasl2:build dns/bind910:configure 
>>> mail/postfix-current:build mail/dovecot2:build lang/r
>>> uby22:package ftp/wget:configure www/nginx-devel:build dns/bind99:configure 
>>> www/aria2:build
>>>
>>> Most of them were building before (exception is go14 which is always 
>>> failing on my poudriere but I know why).
>>
>> a number of your ports failing with openssl-devel-1.1.0
>> builds fine with my version of openssl-1.1.0 in ports:
>>
>> archivers/libarchive
>> devel/apr1
>> devel/libevent2
>> dns/bind910
>> dns/ldns
>> net-p2p/libtorrent
>> security/php56-openssl
>> security/cyrus-sasl2
>> security/trousers
>> www/lynx
>>
>> For them there are no regressions with the update of security/openssl I an 
>> testing.
>>
>> kind regards Dirk
>>
>> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
>> - [dirk.me...@dinoex.sub.org],[dirk.me...@guug.de],[din...@freebsd.org]
>>

Hi All,

I've committed the patch which fixes the ASM configure issue, the i386
b

Re: Upcoming OpenSSL 1.1.0 release

2016-08-29 Thread Bernard Spil 
Thanks Chris! Added these (and reasons) to wiki.freebsd.org/OpenSSL/1.1.0

On Mon, Aug 29, 2016 at 2:24 PM, Chris  wrote:
> On 22 August 2016 at 19:39, Mathieu Arnold  wrote:
>> ports-committers is a *NEVER POST DIRECTLY TO* list, so, moving it to
>> ports@ where this belongs a lot more.
>>
>> +--On 22 août 2016 20:30:15 +0200 Bernard Spil  wrote:
>> | Curious to know how we should procede with the upgrade of the OpenSSL
>> | port to 1.1.0!
>>
>> All ports need to work with it, I'm sure software like BIND9 do not build
>> with it.
>>
>> --
>> Mathieu Arnold
> repost with fixed formatting
>
> complete chaos on my lan box with openssl-devel port (1.1.0) os 10.3
>
> failed ports on complilation
>
> openssh-portable - missing evp function
> nmap - missing md4 function
> libssh2 - missing evp function
> wget - missing evp function
> proftpd - missing evp function
> ruby - missing evp function
> net-snmp - missing evp function
> python27 - compiles but then make install fails missing hashlib and ssl.sl 
> files
> libarchive - archive_libcryptor linker error
> apr1 - missing evp function
> serf - bio bucket read function missing
> openvpn - ctx error
> libevent - missing bio_buffervent
> nghttp2 (this and rest stopped looking for error type)
> apache24
> curl
>
> successful ports
>
> exim
> spdylay
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: mariadb10* ports broken on 9.x since last commit

2016-08-31 Thread Bernard Spil 

On 2016-08-30 17:45, Doug Barton wrote:

Since the last commit to the mariadb10* ports the resulting binaries
dump core on 9.3-RELEASE-p43, even for a simple --help option. I am
assuming that is not the intended result 

Doug


Hi Doug,

Nope, that is not intended. Assume this is the 10.0.27 update? I did 
build them on 9.3 but have not checked the resulting binaries... Will 
need some time to investigate!


https://brnrd.eu/poudriere/build.html?mastername=93amd64-svn&build=2016-08-29_20h14m28s

Cheers,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: mariadb10* ports broken on 9.x since last commit

2016-09-01 Thread Bernard Spil 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2016-09-01 11:07, Dimitry Andric wrote:
> On 31 Aug 2016, at 19:03, Doug Barton  wrote:
>> 
>> August 31, 2016 12:37 AM, "Bernard Spil"  wrote:
>>> On 2016-08-30 17:45, Doug Barton wrote:
>>> 
>>>> Since the last commit to the mariadb10* ports the resulting binaries
>>>> dump core on 9.3-RELEASE-p43, even for a simple --help option. I am
>>>> assuming that is not the intended result 
>>>> Doug
>>> 
>>> Hi Doug,
>>> 
>>> Nope, that is not intended. Assume this is the 10.0.27 update? I did build 
>>> them on 9.3 but have not
>>> checked the resulting binaries... Will need some time to investigate!
>>> 
>>> https://brnrd.eu/poudriere/build.html?mastername=93amd64-svn&build=2016-08-29_20h14m28s
>> 
>> Thanks Bernard.
>> 
>> It turns out that the actual problem was binutils. I backed up several 
>> revisions of mariadb, past the previous working version, and had the same 
>> symptoms. Then I started on the deps that had changed at the same time, and 
>> fortunately I guessed right on the first one.
>> 
>> Backing up to -r{2016-08-25} on binutils got mariadb working with the latest 
>> version.
> 
> Bisecting showed this was introduced in binutils commit 26e3a0c [1],
> which turns on .init_array/.fini_array support by default.  It makes
> most C++ executables crash at startup, on 9.x, since support for this
> was not fully merged back to stable/9.
> 
> I think Baptiste is working on a fix.  It is probably best to configure
> binutils on 9.x with --disable-initfini-array.
> 
> -Dimitry
> 
> [1]
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=26e3a0c9ba4a8376fdf9f898637919d144d8b1d8

Hi Dimitry,

Thanks for the explanation. I thought that it was fixed from your
earlier mail. So it is still broken at runtime on 9.x...

Is there a PR on bugs.freebsd.org already documenting this?

Thanks!

Bernard.
-BEGIN PGP SIGNATURE-

iQIcBAEBAgAGBQJXyHVqAAoJEHT7/r+FArC0UpcP/3widk9T8lhFl2u875b5Mx+g
FM2ByY20fZGtoU7PDq3iTdFV0TIkiZJvtXb/Ez3Fc01yYpotjnbBJk6eGXOfNNLc
K+4fboQVd8oQvUbc5GU4j5ebdguLNl0xHldmq2rdFtMbHDSKmn23yqnOt9Uan/kS
TxesugnKDZ5zrJJ6J3XEYmskwJY4e8RaT86O8DPqcLzJ8nEdYGxxMuGL0/4ZOww0
bVoMlSJt7EH8DTZlqUCv/iyD9BSIR0mXVhG0CkiOOxIOiIiUve3h0Ex6bio30CR+
+PdXjrYuJK+yDFaipjAiKv3em4IxQOwL6l/vYex7zknwLHdN4ClWNcmXbGCdLfoG
a4Xxm4038kABjFHnUkpgZTtkTas5tGP6xQkMe0bkenr2zw9+yJlYbkwdknbDaL4h
4DeQ5uCFx1I+x/ml71545u4RrxLFXdHPyuDNrZC3I1IxIPRohsJEemaFn5ogdLHg
NF2GxAUQIkSZfdtSoYU5QhhhwniCj7hCjoUtlQwrCpf1yUSe8nxWzkgKlypmvgdM
3FQ0xxxu7OlHduGD2+WMeX2VRIoZu93Jw0Ze4jFUXy1qV8SofzH0bC2D7nDaUMbl
y3a7Aw1NBMgUL9kjiUpPkCap10onyEiT/1xl9oFtt3mvqLsWKJKr879tH+R6LcRF
2GbB0nEoJEHRBqsDPMeb
=jG6O
-END PGP SIGNATURE-
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: FreeBSD Port: databases/mariadb101-server / version 10.1.18 crashing

2016-11-11 Thread Bernard Spil 

On 2016-11-10 3:34, Miroslav Lachman wrote:

Miroslav Lachman wrote on 2016/11/09 15:43:

Please update port to 10.1.19. It includes critical fixes
https://jira.mariadb.org/browse/MDEV-10977
https://jira.mariadb.org/browse/MDEV-10394

We are getting following error on some machines too.

ERROR] InnoDB: Block in space_id 0 in file /var/db/mysql/ibdata1
encrypted. Miroslav Lachman


There is something terribly bad with MariaDB 10.1.18.

I upgraded next machine which was previously working fine for years
but keep crashing after upgrade.

I strongly warn users before 10.1.18 version - if you have your
databases created with some really old version and continously
upgraded to 10.1, stay at 10.1.17 or expect unexpected crashes.

This is one of many errors from logfile:

InnoDB: Doing recovery: scanned up to log sequence number 36685500328
2016-11-10  3:13:59 34426872832 [Note] InnoDB: Starting an apply batch
of log records to the database...
InnoDB: Progress in percent: 30 31 32 33 34 35 36 37 38 39 40 41 42 43
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
90 91 92 93 94 95 96 97 98 99
InnoDB: Apply batch completed
2016-11-10  3:14:00 34426872832 [Note] InnoDB: 128 rollback segment(s)
are active.
2016-11-10  3:14:00 34426872832 [Note] InnoDB: Waiting for purge to 
start

2016-11-10  3:14:00 34426896384 [ERROR] InnoDB: Block in space_id 0 in
file ./ibdata1 encrypted.
2016-11-10  3:14:00 34426896384 [ERROR] InnoDB: However key management
plugin or used key_id 8 is not found or used encryption algorithm or
method does not match.
2016-11-10  3:14:00 34426896384 [ERROR] InnoDB: Marking tablespace as
missing. You may drop this table or install correct key management
plugin and key file.
2016-11-10  3:14:00 34426896384 [ERROR] InnoDB: Block in space_id 0 in
file ./ibdata1 encrypted.
2016-11-10  3:14:00 34426896384 [ERROR] InnoDB: However key management
plugin or used key_id 8 is not found or used encryption algorithm or
method does not match.
2016-11-10  3:14:00 34426896384 [ERROR] InnoDB: Marking tablespace as
missing. You may drop this table or install correct key management
plugin and key file.
161110  3:14:00 [ERROR] mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this 
binary
or one of the libraries it was linked against is corrupt, improperly 
built,
or misconfigured. This error can also be caused by malfunctioning 
hardware.


To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.1.18-MariaDB
key_buffer_size=268435456
read_buffer_size=2097152
max_used_connections=0
max_threads=152
thread_count=0
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads =
5557219 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x0 thread_stack 0x48400
0xb0238e  at /usr/local/libexec/mysqld
0x723631  at /usr/local/libexec/mysqld
0x803211b4a  at /lib/libthr.so.3
0x80321122c  at /lib/libthr.so.3
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html 
contains

information that should help you find out what is causing the crash.
161110 03:14:00 mysqld_safe mysqld from pid file /var/db/mysql/elsa.pid 
ended





It works fine after downgrade to 10.1.17

161110 03:28:41 mysqld_safe Starting mysqld daemon with databases from
/var/db/mysql
2016-11-10  3:28:41 34426872832 [Note] /usr/local/libexec/mysqld
(mysqld 10.1.17-MariaDB) starting as process 75826 ...
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Using mutexes to ref
count buffer pool pages
2016-11-10  3:28:41 34426872832 [Note] InnoDB: The InnoDB memory heap
is disabled
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Mutexes and rw_locks
use GCC atomic builtins
2016-11-10  3:28:41 34426872832 [Note] InnoDB: GCC builtin
__atomic_thread_fence() is used for memory barrier
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Compressed tables use 
zlib 1.2.8
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Using generic crc32 
instructions

2016-11-10  3:28:41 34426872832 [Note] InnoDB: Initializing buffer
pool, size = 256.0M
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Completed
initialization of buffer pool
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Highest supported file
format is Barracuda.
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Log scan progressed
past the checkpoint lsn 36685481501
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Database was not
shutdown normally!
2016-11-10  3:28:41 34426872832 [Note] InnoDB: Starting crash recovery.
2016-11-10  3:28

Re: LibreSSL + Heimdal Problem

2017-04-14 Thread Bernard Spil 

On 2017-04-13 13:43, Rafael Henrique da Silva Faria wrote:

Hi everyone, I'm trying to compile Heimdal with LibreSSL on a server,
but there is a odd problem.

Actually, I'm updating a working server, updated the LibreSSL version,
and tried to recompile all dependent ports with "portmaster -fr
libressl", but it stops on Heimdal.

The make stops on this linking:
/usr/bin/ld: warning: libcrypto.so.38, needed by
/usr/local/lib/heimdal/libhcrypto.so.4, not found (try using -rpath or
-rpath-link)

But when the make checks the depends, it looks for an other lib:
===>   heimdal-7.1.0_2 depends on file: /usr/local/lib/libcrypto.so.41 
- found


root@cenpe heimdal # pkg which /usr/local/lib/libcrypto.so.41
/usr/local/lib/libcrypto.so.41 was installed by package libressl-2.5.3
root@cenpe heimdal # pkg which /usr/local/lib/libcrypto.so.38
/usr/local/lib/libcrypto.so.38 was not found in the database
root@cenpe heimdal # pkg info | grep heimdal
heimdal-7.1.0_2Popular BSD-licensed implementation of 
Kerberos 5

root@cenpe heimdal # /usr/local/bin/openssl version
LibreSSL 2.5.3

There is anything that I need to do to change the lib that Heimdal is
looking for? I already have tried to recompile all ports (portmaster
-fa), but it always stops on Heimdal.

I don't know if the problem is with Heimdal or LibreSSL, because I
can't recompile OpenSSH-Portable on this machine too.
It stops on configure:

checking OpenSSL header version... not found
configure: error: OpenSSL version header not found.

All started after updating LibreSSL to the latest version.

root@cenpe openssh-portable # freebsd-version -ku
11.0-RELEASE-p8
11.0-RELEASE-p8
root@cenpe openssh-portable # uname -a
FreeBSD cenpe.fclar.unesp.br 11.0-RELEASE-p2 FreeBSD 11.0-RELEASE-p2
#0: Mon Oct 24 06:55:27 UTC 2016
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

Please, let me know if I need to give some more information.

Thanks in advance.

--
Rafael Henrique da Silva Faria


Hi Rafael,

Sounds to me like portmaster isn't processing dependencies correctly 
here. The installed heimdal still depends on the old libcrypto whilst 
you have the new one on your system.
Does it fail during build of a spcific port? You may want to first 
rebuild heimdal before other ports. pkg delete -f heimdal first, then 
build/install it again.


If you still have the old package you could extract the old libs from 
libressl 2.4 and put them in /usr/local/lib temporarily. Sometimes you 
can also circumvent the issue by symlinking libcrypto.so.38 to 
libcrypto.so.41 but that is real hackish.


Cheers,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: databases/mariadb101-client upgraded in wrong order, resulted in missing files

2017-04-19 Thread Bernard Spil 

On 2017-04-18 21:45, Miroslav Lachman wrote:

Miroslav Lachman wrote on 2017/03/31 15:31:

I don't know if it was "pkg" fault or mariadb101-server and
mariadb101-client conflict.

I did standard "pkg upgrade" and at the end I have half files of
mariadb101-client missing:

# pkg check -Ba
Checking all packages: ...
pkg: fstat() failed for(/usr/local/bin/msql2mysql): No such file or
directory
pkg: fstat() failed for(/usr/local/bin/mysql_find_rows): No such file 
or

directory
pkg: fstat() failed for(/usr/local/bin/mysqlaccess): No such file or
directory
pkg: fstat() failed for(/usr/local/include/mysql/big_endian.h): No 
such

file or directory
pkg: fstat() failed 
for(/usr/local/include/mysql/byte_order_generic.h):

No such file or directory
pkg: fstat() failed
for(/usr/local/include/mysql/byte_order_generic_x86.h): No such file 
or

directory
pkg: fstat() failed
for(/usr/local/include/mysql/byte_order_generic_x86_64.h): No such 
file

or directory
pkg: fstat() failed for(/usr/local/include/mysql/client_plugin.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/decimal.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/errmsg.h): No such 
file

or directory
pkg: fstat() failed for(/usr/local/include/mysql/handler_ername.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/handler_state.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/keycache.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/little_endian.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/m_ctype.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/ma_dyncol.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_alloc.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_attribute.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_byteorder.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_compiler.h): No 
such

file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_dbug.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_dir.h): No such 
file

or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_getopt.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_list.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_net.h): No such 
file

or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_pthread.h): No 
such

file or directory
pkg: fstat() failed for(/usr/local/include/mysql/my_xml.h): No such 
file

or directory
pkg: fstat() failed for(/usr/local/include/mysql/mysql_com.h): No such
file or directory
pkg: fstat() failed for(/usr/local/include/mysql/mysql_com_server.h): 
No

such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/mysql_embed.h): No 
such

file or directory
pkg: fstat() failed for(/usr/local/include/mysql/mysql_time.h): No 
such

file or directory
pkg: fstat() failed for(/usr/local/include/mysql/mysqld_ername.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/mysqld_error.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/plugin_audit.h): No
such file or directory
pkg: fstat() failed 
for(/usr/local/include/mysql/plugin_auth_common.h):

No such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/plugin_encryption.h):
No such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/plugin_ftparser.h): 
No

such file or directory
pkg: fstat() failed
for(/usr/local/include/mysql/plugin_password_validation.h): No such 
file

or directory
pkg: fstat() failed for(/usr/local/include/mysql/psi/mysql_idle.h): No
such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/psi/mysql_socket.h): 
No

such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/psi/mysql_stage.h): 
No

such file or directory
pkg: fstat() failed 
for(/usr/local/include/mysql/psi/mysql_statement.h):

No such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/psi/mysql_table.h): 
No

such file or directory
pkg: fstat() failed for(/usr/local/include/mysql/psi/mysql_thread.h): 
No

such file or directory
pkg: fstat() failed 
for(/usr/local/include/mysql/service_debug_sync.h):

No such file or directory
pkg: fstat() failed 
for(/usr/local/include/mysql/service_encryption.h):

No such file or directory
pkg: fstat() failed
for(/usr/local/include/mysql/service_encryption_scheme.h): No such 
file

or directory
pkg: fstat() failed
for(/usr/local/include/mysql/service_kill_statement.h): No such file 
or

directory
pkg: fstat() failed for(/usr/local/include/mysql/service_md5.h): No 
such

file or directory
pkg: fstat() failed 
for(/usr/local/include/mysql/service_my_snprintf.h):

No such file or directory

Re: FreeBSD Port: databases/galera [with Mariadb 101]

2017-07-24 Thread Bernard Spil 

On 2017-03-03 18:35, Калоян Механджийски wrote:

Hello

I tried about 1 year ago Galera cluster with MySQL and it didn't work
out so back then I tried as I tried today MariaDB 101 with Galera
cluster.
I see that both Galera and MariaDB ports are being modified but the
combined configuration don't work at all. I also see that Galera
cluster is officially supported on FreeBSD.

I have managed to bring up the cluster and make both nodes join but
then replication don't work at all and even mysqld process hung when
trying to stop one of the nodes.

I have been reading this post
https://forums.freebsd.org/threads/53969/ and I ended up at the same
place where the author BlindPenguin ended.
Adding this line 'export LD_LIBRARY_PATH=/usr/local/lib/gcc49' to
/usr/local/bin/mysqld_safe made the cluster running and nodes able to
join, but data transfer between nodes don't seem to work.

I've been trying with various of configuration sets, first tried the
ones (the most basic ones) from the galera official documentation,
then I changed some stuff just for troubleshooting but no matter what
I change I can't get it working.

My my.cnf file:

[mysqld]

sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
binlog_format = 'ROW'

[galera]
wsrep_provider="/usr/local/lib/libgalera_smm.so"
wsrep_cluster_name=MyCluster
wsrep_cluster_address="gcomm://192.168.10.77,192.168.10.78"
wsrep_node_name=MyNode2
wsrep_node_address="192.168.10.78"
wsrep_sst_method=rsync
wsrep_sst_auth=sst_user:sudomadafaka
wsrep_on=ON
log_basename='galeratest2'


FreeBSD Version:
FreeBSD galeratest.mydomain.lan 11.0-RELEASE-p1 FreeBSD
11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016
r...@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

My request: Please let me know if anybody from the port maintainers
did a successful cluster configuration with Galera? After all this
port is not marked as broken?
And if I can get any help from the port maintainers , or I should
probably contact the Galera as port provider?

Thank you in advance.


This is very strange... That would only work if you replace clang with 
gcc 4.9 in your system and rebuild everything with that.

LD_LIBRARY_PATH=/usr/local/lib/gcc49


I'm not running clusters myself so it's really hard to test. If you can 
help out, I am interested in actually making this work!


Let me see where I can get with MariaDB 10.2 on FreeBSD 11.1. I will 
probably send you some patch to test.


Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Intent to update security/openssl-devel to 1.1.1

2018-03-21 Thread Bernard Spil 

Hi All,

I've been maintaining a port for OpenSSL 1.1.1 for myself for a while, 
the port is at version 1.1.1.p3 as of today (see 
https://github.com/Sp1l/ports/tree/master/security/openssl-master). It 
works well with ${USESDIR}/apache.mk and DEFAULT_VERSIONS= 
ssl=openssl-devel.


A while ago I did 2 exp-runs of the complete ports tree, one with 1.1.0g 
and the other with 1.1.1.p2. Both on the same revision of 2018-03-18. 
The output was compared to identify ports that fail with 1.1.1.p2 that 
weren't already failing with 1.1.0 too. The result is a mere 44 ports, 
of which I currently believe most can be attributed to qt4-/qt5-network 
failure.
Failures and links to poudriere logs here: 
https://wiki.freebsd.org/OpenSSL/1.1.1
(for reference, 1.1.0 activity documented here: 
https://wiki.freebsd.org/OpenSSL/1.1.0)


As the delta in fall-out between 1.1.0 and 1.1.1 is so limited I intend, 
as maintainer of the security/openssl and security/openssl-devel ports, 
to update the security/openssl-devel port to 1.1.1 when that becomes the 
release.


I'm open to suggestions on keeping both version 1.1.0 and 1.1.1 in the 
tree, but with current naming scheme that would be neigh impossible. The 
openssl-devel port was created in discussion with portmgr (alternative 
would have been security/openssl110), I'm open to changes in the naming 
too.


Any feedback appreciated.
Feedback that you actually use the -devel port would be great, I have no 
clue if anyone uses it...


Cheers, Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Intent to update security/openssl-devel to 1.1.1

2018-03-21 Thread Bernard Spil 

On 2018-03-21 17:53, Mathieu Arnold wrote:

On Wed, Mar 21, 2018 at 04:55:59PM +0100, Bernard Spil wrote:
I'm open to suggestions on keeping both version 1.1.0 and 1.1.1 in the 
tree,


Well, there is a -devel port to keep the development version of 
OpenSSL,

no need to have more than one development version.


The -devel port hasn't been a -devel version since August 2017 with 
r420878. Should I have put it up for reconsidering different naming back 
then?



At one point, someone will work on updating the non -devel port to the
1.1 branch, but nobody has worked on that yet.


Do you agree that we should create a security/openssl11 port so that 
users can switch to that version if they wish? That would allow me to 
update -devel to 1.1.1.p3 outright. More and more I feel like I'm 
depriving early adopters of the ability to use TLSv1.3.


Myself, I consider 1.1.0 a kind-of -devel version for lack of support in 
other ports. Analogous to OpenSSL 1.0.0 which hasn't seen widespread use 
either. 1.1.1 brings additional features, primarily TLSv1.3, that make 
it a target to be really used by e.g. web-servers.


In the background I have been working on updating security/openssl to 
1.1 branch, but little of that has been visible. Amongst others I've 
revisited the ports marked BROKEN with 1.1.


The fall-out is still too large to make this viable at this moment. 
Blocking in my opinion:

 - Qt4 & Qt5 (network)
 - MIT krb5
 - net-snmp
 - MySQL

Currently blocking but fixable by switching versions
 - Erlang 19 -> 20
 - ...

Fall-out can be seen on my poudriere bulk-builder (with thanks to 
Warwick Uni for letting me use it) https://keg.brnrd.eu/
Status for 1.1(.0) branch visible here 
https://wiki.freebsd.org/OpenSSL/1.1.0


Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Removal of www/apache22

2018-03-27 Thread Bernard Spil 

Hi all,

Just noticed that the Apache project has removed the patches they had 
for 2.2.34.


http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/

Combined with the security update of 2.4 branch to 2.4.33 leads me to 
believe that Apache 2.2 is now vulnerable and no patches will be 
provided.


If someone wishes to step up and get patches for 2.2 from e.g. RedHat, 
we may be able to keep the port alive for a bit longer. If no one steps 
up, I see no other way forward than to delete the port as indicated by 
the DEPRECATED variable and expiration date 2017-07-01 since July 2016.


Cheers,

Bernard.
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Removal of www/apache22

2018-04-08 Thread Bernard Spil 
There's been no-one wanting to keep Apache 2.2 that has come forward.

Expect www/apache22 to be removed later in the week. Cleanup of
Mk/Uses/apache.mk after that.

2018-03-27 14:52 GMT+02:00 Bernard Spil :
> Hi all,
>
> Just noticed that the Apache project has removed the patches they had for
> 2.2.34.
>
> http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/
>
> Combined with the security update of 2.4 branch to 2.4.33 leads me to
> believe that Apache 2.2 is now vulnerable and no patches will be provided.
>
> If someone wishes to step up and get patches for 2.2 from e.g. RedHat, we
> may be able to keep the port alive for a bit longer. If no one steps up, I
> see no other way forward than to delete the port as indicated by the
> DEPRECATED variable and expiration date 2017-07-01 since July 2016.
>
> Cheers,
>
> Bernard.
> ___
> freebsd-apa...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-apache
> To unsubscribe, send any mail to "freebsd-apache-unsubscr...@freebsd.org"
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Removal of www/apache22

2018-04-11 Thread Bernard Spil 
Hi All,

You are all maintainer of a port that depends on www/apache22. The
Apache 2.2 port has been marked EXPIRED for almost a year. I was about
to delete it but didn't want to go ahead without informing you. My
analysis of the dependent ports can be found in the FreeBSD wiki
https://wiki.freebsd.org/Apache#Apache_2.2

www/mod_antiloris a...@vts.su.ac.rs
www/mod_clamav tmu...@kommunity.net
www/mod_extract_forwarded kuriy...@freebsd.org
www/mod_log_config-st portmas...@bsdforge.com
www/mod_log_mysql portmas...@bsdforge.com
www/mod_macro22 luk...@wasikowski.net
www/mod_memcache_block g...@hychen.org
www/mod_remoteip po...@christianserving.org
www/mod_uid jon...@freebsd.org
www/mod_whatkilledus f...@moov.de
www/mod_xml2enc dna...@gmail.com
www/mod_spdy mas...@club.kyutech.ac.jp

If the port cannot be updated to work with Apache 2.4 it will be
removed together with www/apache22. Let me and apache@ know if you can
update the port to use 2.4 or if there's a different port we should be
pointing to in MOVED.

Thank you for your cooperation!

With kind regards, Bernard Spil (with hat apache@)

2018-04-08 12:57 GMT+02:00 Bernard Spil :
> There's been no-one wanting to keep Apache 2.2 that has come forward.
>
> Expect www/apache22 to be removed later in the week. Cleanup of
> Mk/Uses/apache.mk after that.
>
> 2018-03-27 14:52 GMT+02:00 Bernard Spil :
>> Hi all,
>>
>> Just noticed that the Apache project has removed the patches they had for
>> 2.2.34.
>>
>> http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/
>>
>> Combined with the security update of 2.4 branch to 2.4.33 leads me to
>> believe that Apache 2.2 is now vulnerable and no patches will be provided.
>>
>> If someone wishes to step up and get patches for 2.2 from e.g. RedHat, we
>> may be able to keep the port alive for a bit longer. If no one steps up, I
>> see no other way forward than to delete the port as indicated by the
>> DEPRECATED variable and expiration date 2017-07-01 since July 2016.
>>
>> Cheers,
>>
>> Bernard.
>> ___
>> freebsd-apa...@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-apache
>> To unsubscribe, send any mail to "freebsd-apache-unsubscr...@freebsd.org"
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Removal of www/apache22

2018-04-16 Thread Bernard Spil 
Hi All,

I've pulled the trigger on the removal of www/apache22.
I've kept mod_memcache_blok but marked it BROKEN pending maintaner update.

Added bofh@ as resin3 is also affected (option, default disabled).

If the port does work with Apache 2.4 (or with a patch), let me know
so we can add it again.

Cheers, Bernard.

2018-04-12 9:50 GMT+02:00 Hung-Yi Chen :
> Hi,
>
> www/mod_memcache_block can work with apache 2.4.
>
> I'll send a PR.
>
>
> 2018-04-12 4:35 GMT+08:00 Philip M. Gollucci :
>>
>> mod_log_mysql ->
>> https://github.com/freebsd/freebsd-ports/blob/master/www/mod_log_sql
>>
>> On Wed, Apr 11, 2018 at 12:52 PM, Łukasz Wąsikowski
>>  wrote:
>>>
>>> W dniu 2018-04-11 o 20:29, Bernard Spil pisze:
>>>
>>> > You are all maintainer of a port that depends on www/apache22. The
>>> > Apache 2.2 port has been marked EXPIRED for almost a year. I was about
>>> > to delete it but didn't want to go ahead without informing you. My
>>> > analysis of the dependent ports can be found in the FreeBSD wiki
>>> > https://wiki.freebsd.org/Apache#Apache_2.2
>>>
>>> [...]
>>>
>>> > www/mod_macro22 luk...@wasikowski.net
>>>
>>> This is apache 2.2 only version. Feature provided by this port is
>>> included in apache 2.4 , so feel free to bury www/mod_macro22.
>>>
>>> --
>>> best regards,
>>> Lukasz Wasikowski
>>> ___
>>> freebsd-apa...@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-apache
>>> To unsubscribe, send any mail to "freebsd-apache-unsubscr...@freebsd.org"
>>
>>
>>
>>
>> --
>>
>> -
>> 4096R/D21D2752 ECDF B597 B54B 7F92 753E  E0EA F699 A450 D21D 2752
>> Philip M. Gollucci (pgollu...@p6m7g8.com) c: 703.336.9354
>> Member,   Apache Software Foundation
>> Committer,FreeBSD Foundation
>> Consultant,   P6M7G8 Inc.
>> Director Cloud Technology,Capital One
>>
>> What doesn't kill us can only make us stronger;
>> Except it almost kills you.
>
>
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"