Re: Qpopper and openssl on FreeBSD 11.x
> On 23 March 2018, at 02:40, Matthias Andreewrote: > > Am 17.02.2018 um 04:22 schrieb Doug Hardie: >> I have encountered an interesting situation while trying to resolve a PR on >> qpopper. I am unable to build qpopper on 11.1 (and probably 11.0) because >> the openssl function SSLv3_server_method has been removed. I can see where >> the SSLv2 functions are disabled in ssl.h, but the SSLv3 functions appear >> that they should be there. nm on libssl shows they are there. Clang's >> linker can't link to them. One of the qpopper users' indicates that the >> problem does not exist on 10.4. I believe the loss of the SSLv3 methods is >> a bug and have filed Bug report. > > It is a deliberate security measure to remove SSLv3 methods, and not a > bug. The protocol is broken. Granted those protocols are broken, but removing the calls to disable them means that for systems that still support them, you have no real option to disable them. Its like you are pretending they never existed. However, they still do in 10.x which is still supported. > >> Resolution of that PR will obviously take some time. The question at hand >> is what to do in the meantime. I am guessing the packages must be built on >> 10.x or there would be a report of the problem. I can easily change the >> code, via a patch, to use SSLv23_server_method in all cases, or the >> preferred TLSv1_server_method. That will eliminate the options to restrict >> qpopper to SSLv2 or SSLv3. This does not appear to be an issue for those >> running 11.x. However, it is for those using 10.x and earlier. Given the >> security issues today, I can't imagine anyone wanting to use those options, >> but it is possible someone is using them. Switching to the >> TLSv1_server_method will remove that capability for them. > > Use SSLv23_server_method(), and use code to block out SSLv2 + SSLv3 on > those systems that still support them - which depends on the > OpenSSL/LibreSSL version, however: > Older OpenSSL and LibreSSL require SSL_OP_NO_SSLv3 and SSL_OP_NO_SSLv2 > set through ..._set_options() on the SSL or CTX, > newer OpenSSL (1.1.0+) have ..._set_min_proto_version(..., TLS1_VERSION). The simple approach for 11 is to use SSLv23_server_method() as it handles everything and no extra calls are required. However, that doesn't work for 10.x Adding in all the checks you mention is a lot of development and testing effort. I don't have the resources or desire to do all that. I have not found a hardware system that will run 10.x. Everything I have runs 11 just fine... -- Doug ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Bug reports commit request
Dear committers, Would someone please commit following bug reports with maintainer timeout? Bug 225570 - security/bruteforceblocker: add patch to handle "fatal: Unable to negotiate with" message and update WWW https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225570 Bug 226089 - japanese/another-htmllint: add www/p5-LWP-Protocol-https to RUN_DEPENDS https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226089 Best Regards. --- Yasuhiro KIMURA ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
INDEX now builds successfully on 10.x
___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
INDEX build failed for 10.x
INDEX build failed with errors: Generating INDEX-10 - please wait..--- describe.accessibility --- --- describe.arabic --- --- describe.archivers --- --- describe.astro --- --- describe.audio --- --- describe.benchmarks --- --- describe.biology --- --- describe.cad --- --- describe.chinese --- --- describe.comms --- --- describe.converters --- --- describe.databases --- --- describe.deskutils --- --- describe.devel --- --- describe.dns --- --- describe.editors --- --- describe.emulators --- --- describe.finance --- --- describe.french --- --- describe.ftp --- [...] --- describe.print --- --- describe.russian --- --- describe.science --- --- describe.security --- --- describe.shells --- --- describe.sysutils --- --- describe.textproc --- --- describe.ukrainian --- --- describe.vietnamese --- --- describe.www --- --- describe.x11 --- --- describe.x11-clocks --- --- describe.x11-drivers --- --- describe.x11-fm --- --- describe.x11-fonts --- --- describe.x11-servers --- --- describe.x11-themes --- --- describe.x11-toolkits --- --- describe.x11-wm --- Done. make_index: /home/indexbuild/tindex/ports/misc/kdeutils-kde4: no entry for /home/indexbuild/tindex/ports/sysutils/filelight-kde4 Committers on the hook: adridg ale amdmi3 linimon lwhsu tota Most recent SVN update was: Updating '.': Unet-mgmt/lldpd/Makefile Udatabases/py-alembic/Makefile Udatabases/py-alembic/distinfo Umath/R-cran-NMF/Makefile Umath/R-cran-NMF/distinfo Umail/roundcube/Makefile Umail/roundcube/distinfo UMOVED Umisc/kdeutils-kde4/Makefile Usysutils/filelight/Makefile Asysutils/filelight-kde4 Asysutils/filelight-kde4/Makefile Asysutils/filelight-kde4/distinfo Asysutils/filelight-kde4/pkg-plist Asysutils/filelight-kde4/pkg-descr Udevel/R-cran-sfsmisc/Makefile UU devel/R-cran-sfsmisc/distinfo Udevel/eris/Makefile Udevel/eris/pkg-descr Dnet-im/ktp-contact-runner Dnet-im/ktp-accounts-kcm Dnet-im/ktp-send-file Dnet-im/ktp-text-ui Dnet-im/ktp-desktop-applets Dnet-im/ktp-filetransfer-handler Dnet-im/ktp-contact-list Dnet-im/ktp-common-internals Dnet-im/kde-telepathy Dnet-im/plasma-applet-ktp Dnet-im/ktp-auth-handler Dnet-im/ktp-kded-integration-module Dnet-im/ktp-approver Unet-im/Makefile Anet-im/ktp-accounts-kcm-kde4 Anet-im/ktp-accounts-kcm-kde4/Makefile Anet-im/ktp-accounts-kcm-kde4/pkg-plist Anet-im/ktp-accounts-kcm-kde4/distinfo Anet-im/ktp-accounts-kcm-kde4/pkg-descr Anet-im/ktp-approver-kde4 Anet-im/ktp-approver-kde4/Makefile Anet-im/ktp-approver-kde4/distinfo Anet-im/ktp-approver-kde4/pkg-plist Anet-im/ktp-approver-kde4/pkg-descr Anet-im/ktp-auth-handler-kde4 Anet-im/ktp-auth-handler-kde4/Makefile Anet-im/ktp-auth-handler-kde4/distinfo Anet-im/ktp-auth-handler-kde4/pkg-plist Anet-im/ktp-auth-handler-kde4/pkg-descr Anet-im/ktp-common-internals-kde4 Anet-im/ktp-common-internals-kde4/Makefile Anet-im/ktp-common-internals-kde4/distinfo Anet-im/ktp-common-internals-kde4/files Anet-im/ktp-common-internals-kde4/files/patch-CMakeLists.txt Anet-im/ktp-common-internals-kde4/pkg-plist Anet-im/ktp-common-internals-kde4/pkg-descr Anet-im/ktp-contact-list-kde4 Anet-im/ktp-contact-list-kde4/Makefile Anet-im/ktp-contact-list-kde4/distinfo Anet-im/ktp-contact-list-kde4/pkg-plist Anet-im/ktp-contact-list-kde4/pkg-descr Anet-im/ktp-contact-runner-kde4 Anet-im/ktp-contact-runner-kde4/Makefile Anet-im/ktp-contact-runner-kde4/distinfo Anet-im/ktp-contact-runner-kde4/pkg-plist Anet-im/ktp-contact-runner-kde4/pkg-descr Anet-im/ktp-desktop-applets-kde4 Anet-im/ktp-desktop-applets-kde4/Makefile Anet-im/ktp-desktop-applets-kde4/distinfo Anet-im/ktp-desktop-applets-kde4/pkg-plist Anet-im/ktp-desktop-applets-kde4/pkg-descr Anet-im/ktp-filetransfer-handler-kde4 Anet-im/ktp-filetransfer-handler-kde4/Makefile Anet-im/ktp-filetransfer-handler-kde4/distinfo Anet-im/ktp-filetransfer-handler-kde4/pkg-plist Anet-im/ktp-filetransfer-handler-kde4/pkg-descr Anet-im/ktp-kded-integration-module-kde4 Anet-im/ktp-kded-integration-module-kde4/Makefile Anet-im/ktp-kded-integration-module-kde4/distinfo Anet-im/ktp-kded-integration-module-kde4/pkg-plist Anet-im/ktp-kded-integration-module-kde4/pkg-descr Anet-im/ktp-send-file-kde4 Anet-im/ktp-send-file-kde4/Makefile Anet-im/ktp-send-file-kde4/distinfo Anet-im/ktp-send-file-kde4/pkg-plist Anet-im/ktp-send-file-kde4/pkg-descr Anet-im/ktp-text-ui-kde4 Anet-im/ktp-text-ui-kde4/Makefile Anet-im/ktp-text-ui-kde4/distinfo Anet-im/ktp-text-ui-kde4/pkg-plist Anet-im/ktp-text-ui-kde4/pkg-descr Anet-im/plasma-applet-ktp-kde4 Anet-im/plasma-applet-ktp-kde4/Makefile Anet-im/plasma-applet-ktp-kde4/distinfo Anet-im/plasma-applet-ktp-kde4/pkg-plist A
Lightning does not work in Seamonkey 2.49.1
I have Seamonkey 2.49.1 installed from my poudrier build. I have selected LIGHTNING option but it doesn't work. I don't see calendar and tasks anywhere in the menus. I tried installing Lightbird extension but it doesn't work too. Is there anybody with working calendar in Seamonkey? FreeBSD 10.4-RELEASE-p5 amd64 GENERIC seamonkey-2.49.1_7 Name : seamonkey Version: 2.49.1_7 Installed on : Fri Mar 23 02:00:15 2018 CET Origin : www/seamonkey Architecture : FreeBSD:10:amd64 Prefix : /usr/local Categories : mail irc news ipv6 editors www Licenses : Maintainer : ge...@freebsd.org WWW: http://www.mozilla.org/projects/seamonkey/ Comment: The open source, standards compliant web browser Options: ALSA : on BUNDLED_CAIRO : off CANBERRA : on DBUS : on DEBUG : off DTRACE : on FFMPEG : on GCONF : on GTK2 : off GTK3 : on INTEGER_SAMPLES: off JACK : on LDAP : off LIBPROXY : off LIGHTNING : on OPTIMIZED_CFLAGS: on PROFILE: off PULSEAUDIO : on RUST : off SNDIO : off TEST : off Shared Libs required: libhunspell-1.6.so.0 libevent-2.1.so.6 libvpx.so.4 libplc4.so libXcomposite.so.1 libxcb.so.1 libgdk_pixbuf-2.0.so.0 libgio-2.0.so.0 libssl3.so libXfixes.so.3 libnss3.so libogg.so.0 libv4l2.so.0 libgobject-2.0.so.0 libnssutil3.so libplds4.so libharfbuzz.so.0 libstartup-notification-1.so.0 libX11.so.6 libdbus-1.so.3 libXdamage.so.1 libnspr4.so libXt.so.6 libgraphite2.so.3 libicuuc.so.60 libpng16.so.16 libicui18n.so.60 libvorbis.so.0 libglib-2.0.so.0 libfontconfig.so.1 libsmime3.so libgdk-x11-2.0.so.0 libgdk-3.so.0 libXrender.so.1 Annotations: FreeBSD_version: 1004000 cpe: cpe:2.3:a:mozilla:seamonkey:2.49.1:freebsd10:x64:7 no_provide_shlib: yes repo_type : binary repository : codelab Flat size : 126MiB Kind regards Miroslav Lachman ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Qpopper and openssl on FreeBSD 11.x
Am 17.02.2018 um 04:22 schrieb Doug Hardie: > I have encountered an interesting situation while trying to resolve a PR on > qpopper. I am unable to build qpopper on 11.1 (and probably 11.0) because > the openssl function SSLv3_server_method has been removed. I can see where > the SSLv2 functions are disabled in ssl.h, but the SSLv3 functions appear > that they should be there. nm on libssl shows they are there. Clang's > linker can't link to them. One of the qpopper users' indicates that the > problem does not exist on 10.4. I believe the loss of the SSLv3 methods is a > bug and have filed Bug report. It is a deliberate security measure to remove SSLv3 methods, and not a bug. The protocol is broken. > Resolution of that PR will obviously take some time. The question at hand is > what to do in the meantime. I am guessing the packages must be built on 10.x > or there would be a report of the problem. I can easily change the code, via > a patch, to use SSLv23_server_method in all cases, or the preferred > TLSv1_server_method. That will eliminate the options to restrict qpopper to > SSLv2 or SSLv3. This does not appear to be an issue for those running 11.x. > However, it is for those using 10.x and earlier. Given the security issues > today, I can't imagine anyone wanting to use those options, but it is > possible someone is using them. Switching to the TLSv1_server_method will > remove that capability for them. Use SSLv23_server_method(), and use code to block out SSLv2 + SSLv3 on those systems that still support them - which depends on the OpenSSL/LibreSSL version, however: Older OpenSSL and LibreSSL require SSL_OP_NO_SSLv3 and SSL_OP_NO_SSLv2 set through ..._set_options() on the SSL or CTX, newer OpenSSL (1.1.0+) have ..._set_min_proto_version(..., TLS1_VERSION). ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"