From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) by sourceware.org (Postfix) with ESMTPS id 9461B3858C52 for ; Tue, 10 Jan 2023 12:57:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9461B3858C52 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=google.com Received: by mail-wr1-x433.google.com with SMTP id v2so633005wrw.10 for ; Tue, 10 Jan 2023 04:57:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=7jws7b7i98l7vXkKaZaDgQL7bn0zvB2y4xx9msYdoZw=; b=KpClZ2Ol858GJFbg8PxYH0bm8QcJif/Um7r/YSwGTlnizfmdGkCNaeh5j43pNPzHor /MlbkZ5DDg3VFILBIV9qhfRCb3AiMdyLYGlHFREc4Tq7o73Mau57A7qXUOE/TBYMgMQ7 BJVSpFvGIzOoEtyaXIOjrg1xyyCyVVYylRq1SQEdK2gjFuyWoNPLZEQb6cAnaBFOuClk V0HUiZJw7Ab8Zn0NloQXboaiWk6Y2ctFuuBbaDV3QJXB8bg15ubFmj+GMs8Ud/B+NflL fg4ghvhI6ckGWF3GY/ccQj8YcgAV14naMgZdUyB51L4wiZlss04Yg9Qjde1rzphfEi/1 U4IQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=7jws7b7i98l7vXkKaZaDgQL7bn0zvB2y4xx9msYdoZw=; b=IX2YF7EGQqf6mmxf6qAM1sGHzBJXs6f1rJfc2UNFOBk3NnvIyWuKQrkBi0ZRvWAG2a wWgL2yj4YpchLKkbC9v4C4r/Wi7DxyVljhWo/JbFVwHIyuzmtTa494AU1POYuz0phVPn iKYcoXvCUja2U6E8Q0QM+D9tXkpWyeq6y8kXYNqQyiuX40Dv/mUseM1yml0x641q5R9q b2l25giraNqC2Db1e1V1DqAHQg2U0bxhs9cjjRn7nXmFcnVQuLMYJ6GD05yd9AxiBmpE xp5PKJxCbiDXhMB8I5XsG3ajIO/ZTPpRxpO6S8juCi65PYgPcw78VORJORXE9pWPErTP hk8A== X-Gm-Message-State: AFqh2kq9VsIV+bAKv58yqSrCbtHbhOq8EFMGwL6Kf8oVde/0O9LYdHXO uE2gtXzLLFZGLvAs6OKVj15uBB7yjBlZgK7JQowznD+do89/GOYf X-Google-Smtp-Source: AMrXdXvFL1uhGxaemvQQaAkHnaIBfICnK40MdjpKMWuB3KAckCy3DJmczBIppIxXPnH8vZ86CQ4Pm0Vr5hzFqWmffb4= X-Received: by 2002:a05:6000:1b81:b0:245:c489:2e6f with SMTP id r1-20020a0560001b8100b00245c4892e6fmr1698650wru.101.1673355423621; Tue, 10 Jan 2023 04:57:03 -0800 (PST) MIME-Version: 1.0 From: Federico Iezzi Date: Tue, 10 Jan 2023 13:56:25 +0100 Message-ID: Subject: urgent - Google Cloud public subnet blacklisted by gcc.org To: gcc@gcc.gnu.org, abuse@support.gandi.net Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-15.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,ENV_AND_HDR_SPF_MATCH,KAM_SHORT,LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hey everybody, Apologies for this request, and perhaps the wrong mailing list. I hope this gets the right level of attention. It seems like the GCC frontend/WAF have blacklisted the entire subnet used by Google Cloud for Internet access. Follows some traces. Could you please unblock us? It's really important that this gets sorted out as quickly as possible. Any Google Cloud customer using GCC is completely unable to do so. $ curl ifconfig.me 35.234.162.99 $ curl -v -o /dev/null -L gcc.gnu.org % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 8.43.85.97:80... * Connected to gcc.gnu.org (8.43.85.97) port 80 (#0) > GET / HTTP/1.1 > Host: gcc.gnu.org > User-Agent: curl/7.81.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 403 Forbidden <================== 403 status code < Date: Tue, 10 Jan 2023 12:47:36 GMT < Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.70 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3 < Content-Length: 318 < Content-Type: text/html; charset=iso-8859-1 < { [318 bytes data] 100 318 100 318 0 0 1628 0 --:--:-- --:--:-- --:--:-- 1630 * Connection #0 to host gcc.gnu.org left intact $ openssl s_client -connect gcc.gnu.org:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = gcc.gnu.org verify return:1 --- Certificate chain 0 s:CN = gcc.gnu.org i:C = US, O = Let's Encrypt, CN = R3 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 1 03:06:21 2023 GMT; NotAfter: Apr 1 03:06:20 2023 GMT 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFHDCCBASgAwIBAgISA0MlBNNOfNOyyCm05C8ADkiKMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzAxMDEwMzA2MjFaFw0yMzA0MDEwMzA2MjBaMBYxFDASBgNVBAMT C2djYy5nbnUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HG7 XIr/cqKN8VasqxmCUsRjnqtGvqV1X5EFkSK5KYqO5q3qzmTDW+++x0hj3Fjmr+Sz gul1a7Ws5juz53u/ZE9s0nFFNNNMe8dYoWFnMZGuZtLtjOPcefwpdTSr8jgfgXX/ xtb26/1764Ur8AEYLgKvCWOUwSG76SFeJP8hLeB6vva/IviM74A5iA1rN8oKbnZx Xh8pPha+a/zTWQFjPIy7jswyBJEVGL4jgtap7tq3gKKzYDcn0KR6vQ2vy02FeLsa r7hEePflsveSsILaq/yXsVlzg2wQyRqJf80B50UDe6/oJwVbQ1xtB25WYvugCgC1 2EffvxZEFce5z5hANQIDAQABo4ICRjCCAkIwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW BBT2ZpZq6vJKyza5vHKsu6XMspWaPjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDm H6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5v LmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAW BgNVHREEDzANggtnY2MuZ251Lm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3Bgsr BgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0 Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3ALc++yTfnE26dfI5xbpY9Gxd /ELPep81xJ4dCYEl7bSZAAABhWuCUn0AAAQDAEgwRgIhAJGKgClxZHwGOVJZw4BT xV1qi7/jKA2+DmQgixhtLPNlAiEAnj6QSgMroYH9uF1r46nlkRgd2IdOvtjY68o8 pqH5+0wAdQDoPtDaPvUGNTLnVyi8iWvJA9PL0RFr7Otp4Xd9bQa9bgAAAYVrglJ5 AAAEAwBGMEQCIHYVJijDvRCJtRpjtvxLlx6ZPavi3aTZyCY3XnABXqWwAiBXFVsi hihzouvqoxEjlaEb1zPTyhHlR93ZCnHcuogn+TANBgkqhkiG9w0BAQsFAAOCAQEA DUhNrKE1HfHekBZDsEEr3xGIFBsUOOCy6Qhb69foSQs9cpx07cZHFyUO0c/kQACv fbLykdvjjGq3vW4kOleLpCq8RH6BMSNAKvn9GJFVnjQu2vR9G+Wrm7yNiBACtdVv QLBHnu26WkO6AnL/WUJ5Uu4sJcs6NxIJkq26DQfKefDouC20+LBcz1PwoOEg1W0N 7gR4WY/gpGhFP57OspF607SlyWgS6dRR2WEloguQ6jOt9lqpyf/uRnxGr/es8ige GxDBZH6TxGC7gihbl53FAnusOeimEesqz1IhRIAorhrLniOFDyEdjUBBcigJMPYt yjj861MgdK+0FRLEQM2WRA== -----END CERTIFICATE----- subject=CN = gcc.gnu.org <================== No Proxy in between issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 4681 bytes and written 406 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: F2BFBAFB1D0DDAF2452069AEC037513168A2D4D0DCC1E6FCA16CFB64ACA345F1 Session-ID-ctx: Master-Key: E75FB7953CA1B56801AD6738BE0771EADB1D7760DA2A5B21B0203CB34731BE9F71F5531118827FCAB00FD121577D052C PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 67 6e 81 31 bf f4 94 ff-cc 41 95 f4 a6 dd 58 ba gn.1.....A....X. 0010 - 1c bf 40 99 f6 38 b0 2b-1b 60 c9 ef bf b9 b5 1c ..@..8.+.`...... 0020 - 28 9e 85 15 d1 82 0c 7e-b3 65 82 d0 2e 6f 77 71 (......~.e...owq 0030 - 48 b5 2c d3 c9 1a 1c 62-5c 0a c8 3e fd e6 9d bd H.,....b\..>.... 0040 - 16 ad 90 37 30 24 45 ee-a3 2d 73 b8 30 8b 02 95 ...70$E..-s.0... 0050 - 0d 55 e2 98 e9 b1 43 db-06 67 a1 4d 9d 83 5c 13 .U....C..g.M..\. 0060 - 5a 1e 21 0c c2 fc cc de-6b 10 cf 66 3a 68 db 26 Z.!.....k..f:h.& 0070 - 73 4b 54 7e 90 55 3b 54-a4 1e d0 16 59 65 e3 41 sKT~.U;T....Ye.A 0080 - 7f 75 27 87 f4 e1 ae 20-b2 11 6a 0f 72 7a 36 30 .u'.... ..j.rz60 0090 - 4f 64 7b ae dd c9 bb c1-67 1e e4 cd 18 fe 08 ec Od{.....g....... 00a0 - 60 fa a2 2c 0b 43 f2 55-af b5 e7 71 62 0c 88 bd `..,.C.U...qb... 00b0 - 7c f7 90 25 a5 27 01 c5-5e 32 9b 9a d1 33 b7 54 |..%.'..^2...3.T 00c0 - 61 2a bf a1 ca 24 13 18-1f aa c1 20 1a fc b9 68 a*...$..... ...h Start Time: 1673354833 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- $ curl -o /dev/null -v -L https://gcc.gnu.org % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 8.43.85.97:443... * Connected to gcc.gnu.org (8.43.85.97) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.2 (IN), TLS header, Certificate Status (22): { [5 bytes data] * TLSv1.3 (IN), TLS handshake, Server hello (2): { [106 bytes data] * TLSv1.2 (IN), TLS header, Certificate Status (22): { [5 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [4014 bytes data] * TLSv1.2 (IN), TLS header, Certificate Status (22): { [5 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [300 bytes data] * TLSv1.2 (IN), TLS header, Certificate Status (22): { [5 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [37 bytes data] * TLSv1.2 (OUT), TLS header, Finished (20): } [5 bytes data] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data] * TLSv1.2 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS header, Finished (20): { [5 bytes data] * TLSv1.2 (IN), TLS header, Certificate Status (22): { [5 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=gcc.gnu.org * start date: Jan 1 03:06:21 2023 GMT * expire date: Apr 1 03:06:20 2023 GMT * subjectAltName: host "gcc.gnu.org" matched cert's "gcc.gnu.org" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * TLSv1.2 (OUT), TLS header, Supplemental data (23): } [5 bytes data] * TLSv1.2 (OUT), TLS header, Supplemental data (23): } [5 bytes data] * TLSv1.2 (OUT), TLS header, Supplemental data (23): } [5 bytes data] * Using Stream ID: 1 (easy handle 0x56456e26e550) * TLSv1.2 (OUT), TLS header, Supplemental data (23): } [5 bytes data] > GET / HTTP/2 > Host: gcc.gnu.org > user-agent: curl/7.81.0 > accept: */* > * TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data] * TLSv1.2 (OUT), TLS header, Supplemental data (23): } [5 bytes data] * TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data] * TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data] < HTTP/2 403 <================== Still 403 status code < date: Tue, 10 Jan 2023 12:43:12 GMT < server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.70 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3 < content-length: 318 < content-type: text/html; charset=iso-8859-1 < { [318 bytes data] 100 318 100 318 0 0 546 0 --:--:-- --:--:-- --:--:-- 547 * Connection #0 to host gcc.gnu.org left intact $ GIT_CURL_VERBOSE=1 GIT_TRACE=1 git clone http://gcc.gnu.org/git/gcc.git 12:54:29.918761 git.c:455 trace: built-in: git clone http://gcc.gnu.org/git/gcc.git Cloning into 'gcc'... 12:54:29.921626 run-command.c:668 trace: run_command: git remote-http origin http://gcc.gnu.org/git/gcc.git 12:54:29.923332 git.c:742 trace: exec: git-remote-http origin http://gcc.gnu.org/git/gcc.git 12:54:29.924367 run-command.c:668 trace: run_command: git-remote-http origin http://gcc.gnu.org/git/gcc.git 12:54:29.929928 http.c:664 == Info: Couldn't find host gcc.gnu.org in the (nil) file; using defaults 12:54:29.930846 http.c:664 == Info: Trying 8.43.85.97:80... 12:54:30.032316 http.c:664 == Info: Connected to gcc.gnu.org (8.43.85.97) port 80 (#0) 12:54:30.032385 http.c:611 => Send header, 0000000233 bytes (0x000000e9) 12:54:30.032397 http.c:623 => Send header: GET /git/gcc.git/info/refs?service=git-upload-pack HTTP/1.1 12:54:30.032400 http.c:623 => Send header: Host: gcc.gnu.org 12:54:30.032403 http.c:623 => Send header: User-Agent: git/2.34.1 12:54:30.032406 http.c:623 => Send header: Accept: */* 12:54:30.032417 http.c:623 => Send header: Accept-Encoding: deflate, gzip, br, zstd 12:54:30.032427 http.c:623 => Send header: Accept-Language: C, *;q=0.9 12:54:30.032432 http.c:623 => Send header: Pragma: no-cache 12:54:30.032435 http.c:623 => Send header: Git-Protocol: version=2 12:54:30.032439 http.c:623 => Send header: 12:54:30.124540 http.c:664 == Info: Mark bundle as not supporting multiuse 12:54:30.124573 http.c:611 <= Recv header, 0000000024 bytes (0x00000018) 12:54:30.124579 http.c:623 <= Recv header: HTTP/1.1 403 Forbidden 12:54:30.124590 http.c:611 <= Recv header, 0000000037 bytes (0x00000025) 12:54:30.124601 http.c:623 <= Recv header: Date: Tue, 10 Jan 2023 12:54:30 GMT 12:54:30.124608 http.c:611 <= Recv header, 0000000134 bytes (0x00000086) 12:54:30.124623 http.c:623 <= Recv header: Server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.70 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3 12:54:30.124635 http.c:611 <= Recv header, 0000000021 bytes (0x00000015) 12:54:30.124641 http.c:623 <= Recv header: Content-Length: 199 12:54:30.124647 http.c:611 <= Recv header, 0000000045 bytes (0x0000002d) 12:54:30.124662 http.c:623 <= Recv header: Content-Type: text/html; charset=iso-8859-1 12:54:30.124672 http.c:611 <= Recv header, 0000000002 bytes (0x00000002) 12:54:30.124681 http.c:623 <= Recv header: 12:54:30.124697 http.c:664 == Info: Connection #0 to host gcc.gnu.org left intact fatal: unable to access 'http://gcc.gnu.org/git/gcc.git/': The requested URL returned error: 403