2016-03-01 08:33:47 heh 2016-03-01 08:33:57 i think i solved that libcouchbase issue 2016-03-01 08:51:32 to fix libcoucbase i had to change /etc/hosts 2016-03-01 08:51:45 so localhost is 127.0.0.1 instead of 192.168.8.x 2016-03-01 08:52:28 duh 2016-03-01 08:54:08 it failed on the testsuite 2016-03-01 08:54:36 tests looked like they involved network connection 2016-03-01 08:55:01 and it worked in my dev container 2016-03-01 15:10:19 what 2016-03-01 15:10:26 curl is broken 2016-03-01 15:10:35 and uses curl to download curl :) 2016-03-01 15:10:49 looks like openssl broke curl 2016-03-01 15:10:52 yes 2016-03-01 15:11:00 Error relocating /usr/lib/libcurl.so.4: SSLv2_client_method: symbol not foun 2016-03-01 15:11:14 bump curl should solve 2016-03-01 15:11:44 or it's broken on upstream 2016-03-01 15:11:56 curl does not support anymore that method 2016-03-01 15:13:10 does that affect curl only 2016-03-01 15:13:21 or *everything* that links against openssl? 2016-03-01 15:13:27 heh 2016-03-01 15:14:54 is written nowhere that ABI breaks 2016-03-01 15:14:59 1.0.2 is LTS 2016-03-01 15:15:06 "SSLv2 is now by default disabled at build-time" 2016-03-01 15:15:22 ncopa, build openssl with "enable-ssl2" should fix it 2016-03-01 15:16:42 fcolista, try rebuilding openssl locally with "enable-ssl2", install it locally, and test curl 2016-03-01 15:17:34 wget http://www.openssl.org/source/openssl-1.0.2g.tar.gz 2016-03-01 15:17:34 Error relocating /usr/bin/wget: SSLv2_client_method: symbol not found 2016-03-01 15:17:40 niether wget works 2016-03-01 15:17:47 gotta download from another place 2016-03-01 15:17:49 one sec 2016-03-01 15:18:39 "In addition, weak ciphers in SSLv3 and up are now disabled in default builds of 2016-03-01 15:18:39 OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will 2016-03-01 15:18:39 not provide any "EXPORT" or "LOW" strength ciphers." 2016-03-01 15:26:27 fcolista, ncopa, building with "enable-ssl2" and "enable-weak-ssl-ciphers" makes curl happy 2016-03-01 15:26:37 i'm doing it 2016-03-01 15:27:18 do we need that enable-weak-ssl-ciphers? 2016-03-01 15:27:35 ncopa, might be needed with some broken sites I guess 2016-03-01 15:28:02 not for curl to work though 2016-03-01 15:28:03 i dont care about no support for ssl sites with old/weak ciphers 2016-03-01 15:28:17 as long curl works for unencrypted http 2016-03-01 15:29:04 rebuilding with disabled weak ciphers and testing 2016-03-01 15:34:00 with only enable-ssl2, curl doesn't work (at least here) 2016-03-01 15:34:09 right 2016-03-01 15:34:15 Error relocating /usr/bin/openssl: SRP_VBASE_get1_by_user: symbol not found 2016-03-01 15:34:15 Error relocating /usr/bin/openssl: SRP_user_pwd_free: symbol not found 2016-03-01 15:34:30 so we need both 2016-03-01 15:34:41 will the enable-weak-ssl-ciphers enable weak stuff that we previously didnt enable? 2016-03-01 15:35:27 hum 2016-03-01 15:43:02 #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS 2016-03-01 15:43:02 { 2016-03-01 15:43:02 1, 2016-03-01 15:43:02 SSL3_TXT_RSA_RC4_40_MD5, 2016-03-01 15:43:02 SSL3_CK_RSA_RC4_40_MD5, 2016-03-01 15:43:03 SSL_kRSA, 2016-03-01 15:43:05 SSL_aRSA, 2016-03-01 15:43:07 SSL_RC4, 2016-03-01 15:43:11 SSL_MD5, 2016-03-01 15:43:13 SSL_SSLV3, 2016-03-01 15:43:15 SSL_EXPORT | SSL_EXP40, 2016-03-01 15:43:17 SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 2016-03-01 15:43:19 40, 2016-03-01 15:43:21 128, 2016-03-01 15:43:23 }, 2016-03-01 15:43:25 #endif 2016-03-01 15:43:27 --- 2016-03-01 15:43:32 actually there's more stuff 2016-03-01 15:43:47 http://sprunge.us/SEia 2016-03-01 15:44:58 mostly 40/56-bits ciphers 2016-03-01 15:45:48 i am strongly against enable-weak-ssl-ciphers 2016-03-01 15:46:00 i am also against SSL2 2016-03-01 15:46:05 its so outdated 2016-03-01 15:46:22 even ssl3 is outdated and should not be supported anymore 2016-03-01 15:46:27 i agree, but gotta someone to figure out why curl and possibly other packages are broken 2016-03-01 15:48:10 we need to enable that 2016-03-01 15:48:16 rnalrd: i wonder if we should just enable it for now 2016-03-01 15:48:22 ok 2016-03-01 15:48:23 otherwise libcrypt will not have symbols that some DSOs require 2016-03-01 15:48:36 sslv2 is still not used by default after the security update 2016-03-01 15:48:39 i can push with those flags 2016-03-01 15:48:40 fabled: what worries me is if it introduce new symbols 2016-03-01 15:48:49 that's not a problem 2016-03-01 15:48:55 ok 2016-03-01 15:49:07 though 2016-03-01 15:49:11 i hope it does not change abi 2016-03-01 15:49:22 as in modify some user visible struct 2016-03-01 15:49:33 at this point nothing surprises me 2016-03-01 15:49:49 i wonder if we should just backport the patches 2016-03-01 15:49:53 for the stable branches 2016-03-01 15:49:59 ncopa, do you want me to push to master? 2016-03-01 15:50:04 rnalrd: yes pls 2016-03-01 15:50:08 ncopa, the patches are broke 2016-03-01 15:50:20 the cve fix intentionally does that 2016-03-01 15:50:24 changed the defaults 2016-03-01 15:50:29 yes 2016-03-01 15:50:46 sigh 2016-03-01 15:54:03 hmm, are i am the only one who feels like this is a horrible solution? shipping ssl2 for broken applications? 2016-03-01 15:54:52 leo-unglaub, the cve fix disables it even if it's enabled 2016-03-01 15:55:17 after the cve fix, the app needs to explicitly enable "yes i want to broken ssl2" flag before getting it 2016-03-01 15:55:43 SSLv2 is now by default disabled at build-time. Builds that are not configured 2016-03-01 15:55:43 with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, 2016-03-01 15:55:43 users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will 2016-03-01 15:55:43 need to explicitly call either of: 2016-03-01 15:55:43 SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); 2016-03-01 15:55:44 or 2016-03-01 15:55:46 SSL_clear_options(ssl, SSL_OP_NO_SSLv2); 2016-03-01 15:55:48 as appropriate. 2016-03-01 15:55:50 ncopa, shall I hold the update for 3.3-stable or shall I push it? 2016-03-01 15:56:15 yes, but still. i would prefer to have an app that specificly wants ssl2 to crash instead of getting ssl2 not visible for the user 2016-03-01 15:56:18 fabled: we push fix for 3.3? with the needed compile options? 2016-03-01 15:56:35 rnalrd: can we jsut do basic check if it works? 2016-03-01 15:56:54 leo-unglaub, there are few valid use cases for sslv2 still; but yeah. it'd be better to just get rid of it. i'm sure we'll do that for edge soonish 2016-03-01 15:57:02 guess, I'll do tm, since gotta run, ncopa 2016-03-01 15:57:09 ncopa, yeah, i think we push fixes with those config options to -stables 2016-03-01 15:57:19 maybe do few more tests still? 2016-03-01 15:58:09 fabled: what are valid usecases for ssl2??? 2016-03-01 15:58:17 curl works atleast 2016-03-01 15:58:29 leo-unglaub, interop with broken devices inside private network 2016-03-01 15:58:30 anybody has not yet updated openssl on edge? 2016-03-01 15:58:47 ncopa, i'm still on 1.0.2f 2016-03-01 15:58:52 should probably do nm -D 2016-03-01 15:58:56 list all symbols 2016-03-01 15:58:59 and compare 2016-03-01 15:59:17 ncopa, for libcrypto http://sprunge.us/feHA 2016-03-01 15:59:29 ncopa, for libssl http://sprunge.us/MPTQ 2016-03-01 15:59:43 thanks 2016-03-01 16:02:22 $ diff -u libcrypto.a libcrypto.b | tpaste 2016-03-01 16:02:22 http://tpaste.us/2D8R 2016-03-01 16:02:41 looks ok 2016-03-01 16:02:46 i think those were added as result of other CVEs 2016-03-01 16:03:37 yes, Memory leak in SRP database lookups (CVE-2016-0798) fix added that 2016-03-01 16:03:39 it's ok 2016-03-01 16:03:39 libssl has no symbol changes 2016-03-01 16:03:44 its ok 2016-03-01 16:03:52 ship it 2016-03-01 16:03:53 ;) 2016-03-01 16:03:57 rnalrd: please push to stable 2016-03-01 16:04:07 maybe merge the commits 2016-03-01 16:04:23 ncopa, didn't rnalrd just run 2016-03-01 16:04:25 and add the #fixes 2016-03-01 16:04:28 guess, I'll do tm, since gotta run, ncopa 2016-03-01 16:04:32 aw 2016-03-01 16:04:32 ok 2016-03-01 16:04:44 i'll do it then 2016-03-02 12:15:25 ncopa, i test build and push Trevor's and N. Johnson's patches? or you have any review comments? 2016-03-02 12:18:50 i'm ok if you are ok 2016-03-02 12:19:24 i'm pushing 4.1.8 kernel to 3.3-stable 2016-03-02 12:26:34 >>> musl-dbg*: Create checksum... 2016-03-02 12:26:35 Error relocating /usr/bin/openssl: SSLv2_client_method: symbol not found 2016-03-02 12:26:35 Error relocating /usr/bin/openssl: SSLv2_server_method: symbol not found 2016-03-02 12:26:43 ssl is broke on edge/arm 2016-03-02 12:31:34 ncopa, did you fix edge builders manually after the openssl abi breakage? 2016-03-02 12:32:13 no 2016-03-02 12:32:36 huh 2016-03-02 12:32:42 libssl is upgraded but openssl not 2016-03-02 12:32:49 i thought rebuilding openssl should be enough 2016-03-02 12:32:55 something is holding it back 2016-03-02 12:33:15 WARNING: Ignoring /home/buildozer/packages/main/armhf/APKINDEX.tar.gz: UNTRUSTED signature 2016-03-02 12:33:39 apk broken? 2016-03-02 12:33:47 no 2016-03-02 12:35:18 i think it failed the openssl upgrade, and that caused openssl binary to break --> index signing broke 2016-03-02 12:36:29 ok 2016-03-02 12:36:31 should be fixed 2016-03-03 11:57:06 [ 71%] Built target query_cache_info 2016-03-03 11:57:07 Scanning dependencies of target libmysql 2016-03-03 11:57:07 [ 71%] Building CXX object libmysql/CMakeFiles/libmysql.dir/libmysql_exports_file.cc.o 2016-03-03 11:57:07 [ 71%] Linking CXX shared library libmysqlclient.so 2016-03-03 11:57:07 ../mysys/libmysys.a(my_context.c.o): In function `my_context_spawn_internal': 2016-03-03 11:57:07 /home/buildozer/aports/main/mariadb/src/mariadb-10.1.12/mysys/my_context.c:63: undefined reference to `setcontext' 2016-03-03 11:57:10 ../mysys/libmysys.a(my_context.c.o): In function `my_context_continue': 2016-03-03 11:57:12 /home/buildozer/aports/main/mariadb/src/mariadb-10.1.12/mysys/my_context.c:77: undefined reference to `swapcontext' 2016-03-03 11:57:15 seems mariadb does not build on arm 2016-03-03 11:59:22 how does it work on x86_64? musl does not support *context stuff 2016-03-03 12:00:43 oh, it has asm implementation for x86 and x86_64 2016-03-03 12:01:44 http://osdir.com/ml/maria-discuss-database/2013-06/msg00014.html 2016-03-03 12:04:16 mmm.. musl ships the header but not the implementation 2016-03-08 07:43:02 did notice algibot msg few days back, 2016-03-08 07:43:04 < algitbot> aports:3.3-stable |Natanael Copa| testing/flashcache-grsec: rebuild against kernel 4.1.18-r0 | http://dup.pw/aports/b438c22b 2016-03-08 07:43:32 why building testing/, where is it pushing to? 2016-03-08 09:14:22 http://build.alpinelinux.org/buildlogs/build-edge-armhf/main/rt4/rt4-4.4.0-r0.log 2016-03-08 09:46:33 uh 2016-03-08 10:23:29 hi, I'm hitting this issue using the openssl command: Error relocating /usr/bin/openssl: SRP_user_pwd_free: symbol not found 2016-03-08 10:23:47 I see it was discussed here before, what should I do about it? http://dev.alpinelinux.org/irclogs/%23alpine-commits-2016-03.log 2016-03-08 10:24:20 byte[]: join #alpine-devel 2016-03-08 10:24:25 there more people read it 2016-03-08 10:24:31 ok 2016-03-08 10:24:36 here is some bot logs only, most people miss it here 2016-03-08 10:24:51 thanks 2016-03-08 11:06:13 rt4 needs mariadb which is not avail on armhf 2016-03-08 11:06:37 i need to disable rt4 on armhf i guess 2016-03-08 11:08:32 rnalrd, urgh. ok. yes, i disabled mariadb due to the new async stuff that is not portable 2016-03-08 11:08:40 yes, let's disable rt4 on arm for now 2016-03-08 11:32:59 oh - rt4 is noarch 2016-03-08 11:33:30 ncopa, do we have a way to keep noarch but say "don't do this on arm" since some of the dependencies are not there 2016-03-08 11:34:16 not really 2016-03-08 11:34:35 ugh 2016-03-08 11:34:50 its mariadb isnt it? 2016-03-08 11:35:27 yes 2016-03-08 11:35:41 the new version has async stuff that is not fully portable 2016-03-08 11:35:53 for x86/x86_64 it works due to built-in asm stuff 2016-03-08 11:36:00 for glibc it works via makecontext stuff 2016-03-08 11:36:13 but musl/arm has neither 2016-03-08 11:37:08 the actual builder error message is: 2016-03-08 11:37:08 perl-dbd-mysql-4.033-r0[so:libmysqlclient.so.18] 2016-03-08 11:37:31 hum 2016-03-08 11:37:46 that's now built against mariadb 2016-03-08 11:38:22 i wonder if we should patch mariadb to build and just make the async funcs return error 2016-03-08 11:38:56 in fact, just deleting ucontext.h from musl should fix mariadb build 2016-03-08 11:39:23 maybe better is to patch it to detect if makecontext really exists 2016-03-08 11:51:07 i wonder if we just delete ucontext.h from musl-dev. that should fix mariadb build on arm (leaving the async api there in unimplemented state) 2016-03-08 13:22:32 ncopa, rnalrd : i think i just delete ucontext.h from musl-dev, and re-enable mariadb on armhf 2016-03-08 13:22:36 any objections? 2016-03-08 13:25:19 k for me 2016-03-08 13:26:42 i wonder if it'll break anything 2016-03-08 13:26:51 well, it's edge 2016-03-08 13:27:00 i'll fix it somehow if breakage occurs 2016-03-08 16:10:21 fabled: :| 2016-03-08 16:10:31 src/trap.c:32:22: fatal error: ucontext.h: No such file or directory 2016-03-09 09:52:26 algitbot: retry 2016-03-09 12:59:19 fcolista has been busy today 2016-03-09 13:00:07 :) 2016-03-09 13:00:30 just checking upgrades for packages that i maintain 2016-03-09 13:00:50 quite a few in testing 2016-03-09 13:01:00 any plans for moving to community? 2016-03-09 13:01:22 just curious 2016-03-09 13:43:56 dnssec-tools does not have -doc subpkg? 2016-03-09 13:45:31 probably built on other archs before that was made mandatory in abuild 2016-03-11 13:22:52 so 2016-03-11 13:23:02 firefox fails because SHELL is not in environment for x86 builder 2016-03-11 13:23:08 but x86_64 has it 2016-03-11 13:31:05 /home/buildozer/aports/testing/firefox/src/firefox-45.0/mozglue/misc/StackWalk.cpp:938:4: error: #error Unsupported configuration 2016-03-11 15:43:16 figured. 2016-03-13 21:17:45 oh, perl-test-simple and perl-test-tester seem to conflict 2016-03-13 21:17:52 that's why netdot doesn't build successfully 2016-03-14 11:18:01 upf 2016-03-14 11:52:25 algitbot: retry 3.3-stable 2016-03-14 11:52:50 algitbot: retry 3.3-stable 2016-03-14 11:55:46 > Exception: Could not detect environment shell! 2016-03-14 11:55:51 uhh, what's that abouts 2016-03-14 11:55:52 *? 2016-03-14 13:02:10 algitbot: retry 3.3-stable 2016-03-14 13:04:54 ncopa, are you able to purge owncloud* source tarballs from 3.3-stable? ^^^ 2016-03-14 13:45:41 rnalrd: owncloud-8.2.3.*? 2016-03-14 13:46:08 done 2016-03-14 13:46:09 i think 2016-03-14 13:46:11 tnx 2016-03-14 13:46:29 algitbot: retry 3.3-stable 2016-03-14 13:47:03 umpf 2016-03-14 13:47:13 http://build.alpinelinux.org/buildlogs/build-3-3-x86/main/owncloud/owncloud-8.2.3-r0.log 2016-03-14 13:47:25 i've deleted all tarballs locally and checksum matches 2016-03-14 13:48:02 owncloud-contacts-0.5.0.0.tar.gz: FAILED 2016-03-14 13:48:34 algitbot: retry 3.3-stable 2016-03-14 13:48:44 i cannot remove owncloud-* due to GPL 2016-03-14 13:48:55 we need keep sources for older versions 2016-03-14 13:49:08 np, 8.2.3 should have done it 2016-03-18 06:28:14 oh 2016-03-18 06:28:19 mbedtls is in testing 2016-03-18 06:28:36 mbedtls1 was in main but got deleted 2016-03-18 06:29:47 maybe we should move mbedtls1 and monkey both to community 2016-03-18 08:25:11 algitbot: retry 3.3-stable 2016-03-18 09:08:04 whee 2016-03-18 09:08:12 arm 3.3 builder is ready 2016-03-18 09:51:34 bah, php7 is still not built for x86; need will fix 2016-03-18 15:34:35 algitbot: retry master 2016-03-18 15:35:50 ncopa: did i break it again? 2016-03-18 20:31:17 fabled: can you fix the builder? 2016-03-20 02:18:43 huh? mpd failed to build on x86? The buildlog doesn't indicate an error… 2016-03-23 09:35:53 algitbot: retry 2016-03-23 09:36:05 algitbot: retry master 2016-03-23 09:36:18 ncopa, 3.3-stable 2016-03-23 09:36:24 algitbot: retry 3.3-stable 2016-03-23 09:36:29 ah, thats it 2016-03-23 09:36:44 i think msg.alpinelinux.org had bad dns cached 2016-03-23 09:37:04 i'll restart unbound on bld2 2016-03-23 09:37:31 algitbot: retry master 2016-03-25 09:29:21 uh? 2016-03-25 09:31:17 missing py- something dependency 2016-03-25 09:31:21 maybe it's in community or testing? 2016-03-25 09:31:25 patchworks is in main 2016-03-25 09:31:26 it's in testing 2016-03-25 09:31:29 gotta move in main 2016-03-25 09:33:16 ok. 2016-03-25 09:41:23 uff 2016-03-25 09:41:33 is changed _builddir to builddir 2016-03-25 09:44:27 build-edge-armhf: retry 2016-03-25 09:46:20 fabled, any hint why arm failed to check the builddir? ^ 2016-03-25 10:06:09 fcolista: i think that because of recent abuild changes 2016-03-25 10:06:21 try apk update on your dev env 2016-03-25 10:06:26 I did it 2016-03-25 10:08:18 ah ok. so only on arm it fails. 2016-03-25 10:08:26 yes 2016-03-25 10:08:27 right 2016-03-25 10:08:28 dunno why 2016-03-25 14:38:35 build in zfs support in alpine, that would be nice :) 2016-03-25 14:40:24 ACTION hands ncopa a beer 2016-03-25 15:04:58 did you fix zfs? 2016-03-25 15:04:59 man 2016-03-25 15:05:13 ACTION hands clandmeter a beer 2016-03-25 15:05:36 any news on zfs on ubuntu licensing problem? 2016-03-25 15:26:44 I didnt read up on it 2016-03-26 14:23:09 urgh 2016-03-26 14:23:34 my bad 2016-03-30 11:51:44 huh 2016-03-30 11:51:49 readkey worked for me 2016-03-30 11:53:43 happens when it's built outside of console 2016-03-30 12:05:08 seems upstream issue: https://github.com/jonathanstowe/TermReadKey/issues/7 2016-03-31 14:34:55 i will fix that qt5 thingy 2016-03-31 14:34:57 i'm on it 2016-03-31 14:35:57 ok