Message ID | 20211112185909.1324077-1-unixmania@gmail.com |
---|---|
State | Accepted |
Series | package/mksh: fix project URL in Config.in |
Carlos, All,

On 2021-11-12 15:59 -0300, unixmania@gmail.com spake thusly:
> From: Carlos Santos <unixmania@gmail.com>
>
> It's https://www.mirbsd.org/mksh.htm

... which does not support TLS 1.2, and so recent browsers whine about
an insecure connection, like Firefox:

Secure Connection Failed

An error occurred during a connection to www.mirbsd.org. Peer using
unsupported version of security protocol.

Error code: SSL_ERROR_UNSUPPORTED_VERSION

* The page you are trying to view cannot be shown because the
  authenticity of the received data could not be verified.
* Please contact the website owners to inform them of this problem.

[Learn more…]

This website might not support the TLS 1.2 protocol, which is the
minimum version supported by Firefox. Enabling TLS 1.0 and TLS 1.1
might allow this connection to succeed.

TLS 1.0 and TLS 1.1 will be permanently disabled in a future release.

And indeed, enabling TLS 1.0 and 1.1 allows the connection to succeed...
Too bad... :-(

And of course, we can't download it either, of course, but fortunately,
there is the fallback to s.b.o :

>>> mksh 59c Downloading
wget --passive-ftp -nd -t 3 -O '/home/ymorin/dev/buildroot/O/build/.mksh-R59c.tgz.5iZMHq/output' 'https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R59c.tgz'
--2021-11-12 20:24:00-- https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R59c.tgz
Resolving www.mirbsd.org (www.mirbsd.org)... 62.138.145.52, 2001:470:1f0b:76c::1
Connecting to www.mirbsd.org (www.mirbsd.org)|62.138.145.52|:443... connected.
OpenSSL: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Unable to establish SSL connection.
wget --passive-ftp -nd -t 3 -O '/home/ymorin/dev/buildroot/O/build/.mksh-R59c.tgz.ojSduH/output' 'http://sources.buildroot.net/mksh/mksh-R59c.tgz'
--2021-11-12 20:24:01-- http://sources.buildroot.net/mksh/mksh-R59c.tgz
Resolving sources.buildroot.net (sources.buildroot.net)... 172.67.72.56, 104.26.1.37, 104.26.0.37, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|172.67.72.56|:80... connected.
HTTP request sent, awaiting response... 200 OK Meh... :-( Should we switch over to using plain http instead? It is not much less secure than TLS 1.0 or 1.1, for which there are known and practical attacks, and plain http will work. Also, we do have the hashes, so we can at least assess the integrity and authenticity of the download. Regards, Yann E. MORIN. > Signed-off-by: Carlos Santos <unixmania@gmail.com> > --- > package/mksh/Config.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/package/mksh/Config.in b/package/mksh/Config.in > index e6ccc90646..098f9840e5 100644 > --- a/package/mksh/Config.in > +++ b/package/mksh/Config.in > @@ -22,4 +22,4 @@ config BR2_PACKAGE_MKSH > operating environments > (thus including patches from pdksh on e.g. Debian). > > - http://mirbsd.de/mksh > + https://www.mirbsd.org/mksh.htm > -- > 2.27.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
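The point made in the message above, that the recorded hashes let a download be checked whichever transport or mirror delivered it, as an added example that is not part of the thread and not Buildroot's own code. It assumes hash-file lines of the form `<algo>  <hex digest>  <filename>`; the tarball bytes and hash-file contents are constructed for the demonstration, and the check is only as trustworthy as the channel the hash file itself arrived through.

```python
import hashlib
import hmac

ALGOS = ("sha256", "sha512")  # algorithms this example accepts


def parse_hash_file(text):
    """Map filename -> [(algo, hexdigest)] from '<algo>  <hex>  <file>' lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in ALGOS:
            raise ValueError(f"unusable hash line: {raw!r}")
        algo, digest, name = parts
        entries.setdefault(name, []).append((algo, digest.lower()))
    return entries


def verify(name, data, entries):
    """Accept only if the file is listed and every listed digest matches."""
    expected = entries.get(name)
    if not expected:  # no recorded hash: nothing vouches for these bytes
        return False
    return all(
        hmac.compare_digest(hashlib.new(algo, data).hexdigest(), digest)
        for algo, digest in expected
    )


# Constructed sample data: stand-in tarball bytes and a hash file built from them.
NAME = "mksh-R59c.tgz"
GOOD = b"constructed stand-in for the release tarball\n"
HASH_FILE = (
    "# constructed sample, not the real package hash\n"
    f"sha256  {hashlib.sha256(GOOD).hexdigest()}  {NAME}\n"
)


def demo():
    entries = parse_hash_file(HASH_FILE)
    return {
        "fetched over plain http": verify(NAME, GOOD, entries),
        "modified in transit": verify(NAME, GOOD + b"\x00", entries),
        "not listed in hash file": verify("other.tgz", GOOD, entries),
    }
```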
On Fri, Nov 12, 2021 at 4:33 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
>
> Carlos, All,
>
> On 2021-11-12 15:59 -0300, unixmania@gmail.com spake thusly:
> > From: Carlos Santos <unixmania@gmail.com>
> >
> > It's https://www.mirbsd.org/mksh.htm
>
> ... which does not support TLS 1.2, and so recent browsers whine about
> an insecure connection, like Firefox:
> [...]
>
> And indeed, enabling TLS 1.0 and 1.1 allows the connection to succeed...
> Too bad... :-(
>
> And of course, we can't download it either, of course, but fortunately,
> there is the fallback to s.b.o :
>
> >>> mksh 59c Downloading
> wget --passive-ftp -nd -t 3 -O '/home/ymorin/dev/buildroot/O/build/.mksh-R59c.tgz.5iZMHq/output' 'https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R59c.tgz'
> --2021-11-12 20:24:00-- https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R59c.tgz
> Resolving www.mirbsd.org (www.mirbsd.org)... 62.138.145.52, 2001:470:1f0b:76c::1
> Connecting to www.mirbsd.org (www.mirbsd.org)|62.138.145.52|:443... connected.
> OpenSSL: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
> Unable to establish SSL connection.
> wget --passive-ftp -nd -t 3 -O '/home/ymorin/dev/buildroot/O/build/.mksh-R59c.tgz.ojSduH/output' 'http://sources.buildroot.net/mksh/mksh-R59c.tgz'
> --2021-11-12 20:24:01-- http://sources.buildroot.net/mksh/mksh-R59c.tgz
> Resolving sources.buildroot.net (sources.buildroot.net)... 172.67.72.56, 104.26.1.37, 104.26.0.37, ...
> Connecting to sources.buildroot.net (sources.buildroot.net)|172.67.72.56|:80... connected.
> HTTP request sent, awaiting response... 200 OK
>
> Meh... :-(
>
> Should we switch over to using plain http instead? It is not much less
> secure than TLS 1.0 or 1.1, for which there are known and practical
> attacks, and plain http will work. Also, we do have the hashes, so we
> can at least assess the integrity and authenticity of the download.

I already reported the problem to the project owner. Waiting for a response.
Carlos, All,

On 2021-11-12 17:47 -0300, Carlos Santos spake thusly:
> On Fri, Nov 12, 2021 at 4:33 PM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
> > On 2021-11-12 15:59 -0300, unixmania@gmail.com spake thusly:
> > > From: Carlos Santos <unixmania@gmail.com>
> > > It's https://www.mirbsd.org/mksh.htm
> > ... which does not support TLS 1.2, and so recent browsers whine about
> > an insecure connection, like Firefox:

[--SNIP--]

> I already reported the problem to the project owner. Waiting for a response.

Ok, cool. Thanks!

Regards,
Yann E. MORIN.
On Fri, 12 Nov 2021 15:59:09 -0300
unixmania@gmail.com wrote:

> From: Carlos Santos <unixmania@gmail.com>
>
> It's https://www.mirbsd.org/mksh.htm
>
> Signed-off-by: Carlos Santos <unixmania@gmail.com>
> ---
> package/mksh/Config.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

I've changed to use http:// instead of https:// as for now the https://
version is broken, and applied to master. Thanks!

Thomas
>>>>> "unixmania" == unixmania <unixmania@gmail.com> writes:

 > From: Carlos Santos <unixmania@gmail.com>
 > It's https://www.mirbsd.org/mksh.htm

 > Signed-off-by: Carlos Santos <unixmania@gmail.com>

Committed to 2021.02.x and 2021.08.x, thanks.
diff --git a/package/mksh/Config.in b/package/mksh/Config.in index e6ccc90646..098f9840e5 100644 --- a/package/mksh/Config.in +++ b/package/mksh/Config.in @@ -22,4 +22,4 @@ config BR2_PACKAGE_MKSH operating environments (thus including patches from pdksh on e.g. Debian). - http://mirbsd.de/mksh + https://www.mirbsd.org/mksh.htm
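
Review bot: the URL on the `+` line, `https://www.mirbsd.org/mksh.htm`, is not reachable by current clients: the replies in this thread show the host failing TLS negotiation with Firefox (SSL_ERROR_UNSUPPORTED_VERSION) and with wget ("unsupported protocol"), so the help-text link as written does not open. Suggest `http://www.mirbsd.org/mksh.htm` for now, which is what was applied to master, with a follow-up back to https:// once the server negotiates TLS 1.2. The commit message ("It's https://www.mirbsd.org/mksh.htm") would also benefit from one line saying why the old `http://mirbsd.de/mksh` address is being replaced.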