From dokas@cdward.oitsec.umn.edu  Mon Dec 28 21:30:52 2009
Return-Path: <dokas@cdward.oitsec.umn.edu>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7EE181065693
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 28 Dec 2009 21:30:52 +0000 (UTC)
	(envelope-from dokas@cdward.oitsec.umn.edu)
Received: from cdward.oitsec.umn.edu (cdward.oitsec.umn.edu [160.94.247.237])
	by mx1.freebsd.org (Postfix) with ESMTP id 5FB078FC22
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 28 Dec 2009 21:30:51 +0000 (UTC)
Received: by cdward.oitsec.umn.edu (Postfix, from userid 1003)
	id 4A9082841C; Mon, 28 Dec 2009 15:30:51 -0600 (CST)
Message-Id: <20091228213051.4A9082841C@cdward.oitsec.umn.edu>
Date: Mon, 28 Dec 2009 15:30:51 -0600 (CST)
From: Paul Dokas <dokas@oitsec.umn.edu>
Reply-To: Paul Dokas <dokas@oitsec.umn.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: tor-devel-0.2.2.6a and recent openssl patches don't work well together
X-Send-Pr-Version: 3.113
X-GNATS-Notify: peter.thoenen@yahoo.com

>Number:         142111
>Category:       ports
>Synopsis:       security/tor-devel: tor-devel-0.2.2.6a and recent openssl patches don't work well together
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 28 21:40:01 UTC 2009
>Closed-Date:    Mon Jan 25 09:18:04 UTC 2010
>Last-Modified:  Mon Jan 25 09:18:04 UTC 2010
>Originator:     Paul Dokas
>Release:        FreeBSD 8.0-RELEASE-p1 amd64
>Organization:
University of Minnesota
>Environment:
System: FreeBSD host.umn.edu 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Wed Dec 23 08:14:54 CST 2009 root@host.umn.edu:/usr/obj/usr/src/sys/O-8B amd64
>Description:
After upgrading my machine to 8.0 and rebuilding all installed ports, I
found that tor no longer functions.  It's logging these errors:

Dec 28 15:21:34.464 [notice] Application request when we're believed to be offline. Optimistically trying directory fetches again.
Dec 28 15:21:34.600 [warn] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Dec 28 15:21:34.600 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 611; recommendation warn)
Dec 28 15:21:34.809 [warn] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Dec 28 15:21:34.809 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 612; recommendation warn)
Dec 28 15:22:50.697 [warn] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Dec 28 15:22:50.697 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 613; recommendation warn)

>How-To-Repeat:
build security/tor-devel and attempt to use it

>Fix:

https://bugs.torproject.org/flyspray/index.php?do=details&id=1144

Here's their analysis:

"The problem is that FreeBSD decided to patch openssl to disallow renegotiation,
 without giving applications a way to re-enable it like openssl upstream did. Tor
 will not work on those systems until they have changed this, or Tor is updated to
 work without renegotiation. This might take a long time to happen, though."
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Dec 31 06:41:38 UTC 2009 
State-Changed-Why:  
Awaiting maintainer's feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142111 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: peter.thoenen@yahoo.com
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/142111: security/tor-devel - tor-devel-0.2.2.6a and recent openssl patches don't work well together
Date: Thu, 31 Dec 2009 06:41:37 UT

 Maintainer of security/tor-devel,
 
 Please note that PR ports/142111 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/142111
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Olexandr Davydenko <o.davydenko@gmail.com>
To: bug-followup@FreeBSD.org, dokas@oitsec.umn.edu
Cc:  
Subject: Re: ports/142111: security/tor-devel: tor-devel-0.2.2.6a and recent 
	openssl patches don't work well together
Date: Wed, 6 Jan 2010 11:44:22 +0200

 Found workaround: use libssl.so.5 from ports/misc/compat7x
 
 /etc/libmap.conf:
 [/usr/local/bin/tor]
 libssl.so.6                     compat/libssl.so.5
 
 Both security/tor and security/tor-devel work fine.

From: "b. f." <bf1783@googlemail.com>
To: bug-followup@FreeBSD.org
Cc: Paul Dokas <dokas@oitsec.umn.edu>, peter.thoenen@yahoo.com, miwi@FreeBSD.org
Subject: Re: ports/142111: security/tor-devel: tor-devel-0.2.2.6a and recent 
	openssl patches don't work well together
Date: Wed, 13 Jan 2010 13:55:04 -0500

 --0016e6d56640f04a09047d104e83
 Content-Type: text/plain; charset=ISO-8859-1
 
 It should still work WITH_OPENSSL_PORT.  Unfortunately, recent changes
 have meant that this choice is not respected.  I've attached a patch
 that once again allows security/tor-devel to be used with the
 security/openssl port, rather than with the base system openssl.
 
 Regards,
                b.
 
 --0016e6d56640f04a09047d104e83
 Content-Type: text/plain; charset=US-ASCII; name="tor-devel_openssl_diff.txt"
 Content-Disposition: attachment; filename="tor-devel_openssl_diff.txt"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: file0
 
 --0016e6d56640f04a09047d104e83--

From: Peter Thoenen <peter.thoenen@yahoo.com>
To: "b. f." <bf1783@googlemail.com>, bug-followup@FreeBSD.org
Cc: Paul Dokas <dokas@oitsec.umn.edu>, miwi@FreeBSD.org
Subject: Re: ports/142111: security/tor-devel: tor-devel-0.2.2.6a and recent  openssl patches don't work well together
Date: Wed, 13 Jan 2010 10:57:07 -0800 (PST)

 Relocating to Hawaii at the moment, unable to test; approved.
 
 
 
 ----- Original Message ----
 > From: b. f. <bf1783@googlemail.com>
 > To: bug-followup@FreeBSD.org
 > Cc: Paul Dokas <dokas@oitsec.umn.edu>; peter.thoenen@yahoo.com; miwi@FreeBSD.org
 > Sent: Wed, January 13, 2010 6:55:04 PM
 > Subject: Re: ports/142111: security/tor-devel: tor-devel-0.2.2.6a and recent  openssl patches don't work well together
 > 
 > It should still work WITH_OPENSSL_PORT.  Unfortunately, recent changes
 > have meant that this choice is not respected.  I've attached a patch
 > that once again allows security/tor-devel to be used with the
 > security/openssl port, rather than with the base system openssl.
 > 
 > Regards,
 >                b.
 
State-Changed-From-To: feedback->open 
State-Changed-By: linimon 
State-Changed-When: Wed Jan 13 22:55:20 UTC 2010 
State-Changed-Why:  
Approved by maintainer after visual inspection. 

Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Mon Jan 18 23:46:33 UTC 2010 
Responsible-Changed-Why:  
I'll take it. 

State-Changed-From-To: open->closed 
State-Changed-By: miwi 
State-Changed-When: Mon Jan 25 09:18:03 UTC 2010 
State-Changed-Why:  
newer pr in 143050 

>Unformatted:
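
Added example (not part of the original PR and not Tor or FreeBSD code): a Python triage script for Tor logs of the kind quoted in the Description. It rejoins entries wrapped across lines and reports whether each bootstrap stall directly follows a renegotiation TLS error. The sample log is constructed in the report's format, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the log excerpt in the report.
SAMPLE_LOG = """\
Dec 28 15:21:34.464 [notice] Application request when we're believed to be offline. Optimistically trying directory fetches again.
Dec 28 15:21:34.600 [warn] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Dec 28 15:21:34.600 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 611;
recommendation warn)
Dec 28 15:21:34.809 [warn] TLS error: unexpected close while renegotiating (SSL_ST_OK)
Dec 28 15:21:34.809 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 612;
recommendation warn)
"""

ENTRY = re.compile(r"^(\w{3} +\d+ [\d:.]+) \[(\w+)\] (.*)$")
RENEG = re.compile(r"TLS error: .*while renegotiating")
STUCK = re.compile(r"Stuck at (\d+)%: (.+?)\. \(.*count (\d+);")

def parse_entries(text):
    """Return [(timestamp, level, message)], rejoining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(list(m.groups()))
        elif entries and line.strip():
            # No timestamp prefix: continuation of the previous entry.
            entries[-1][2] += " " + line.strip()
    return [tuple(e) for e in entries]

def diagnose(text):
    """Summarise bootstrap stalls and how many follow a renegotiation error."""
    stalls, linked, last_count, prev_reneg = Counter(), 0, None, False
    for _, _level, msg in parse_entries(text):
        s = STUCK.search(msg)
        if s:
            stalls[(int(s.group(1)), s.group(2))] += 1
            last_count = int(s.group(3))
            linked += prev_reneg  # stall logged right after the TLS error
        prev_reneg = bool(RENEG.search(msg))
    if not stalls:
        return None
    (pct, phase), n = stalls.most_common(1)[0]
    return {"percent": pct, "phase": phase, "stalls": n,
            "after_renegotiation_error": linked, "last_count": last_count}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A result where every stall follows a renegotiation error at the same bootstrap percentage matches the symptom described in this PR.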
