Date: Sun, 11 Mar 2012 11:17:31 GMT From: Matt Dawson <matt@chronos.org.uk> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/165928: sane-backends, subversion rc scripts affecting rcorder in base Message-ID: <201203111117.q2BBHVDH008098@red.freebsd.org> Resent-Message-ID: <201203111120.q2BBKBRv009020@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 165928 >Category: ports >Synopsis: sane-backends, subversion rc scripts affecting rcorder in base >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 11 11:20:10 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Matt Dawson >Release: FreeBSD-9.0-RELEASE >Organization: n/a >Environment: FreeBSD workstation1 9.0-RELEASE FreeBSD 9.0-RELEASE #0 r230315M: Mon Jan 23 16:08:00 GMT 2012 root@:/usr/obj/usr/src/sys/WORKSTATION1 amd64 >Description: On a machine with remote NFS mounts and ipfw *without* DEFAULT_TO_ACCEPT [1] compiled into the kernel, the saned and subversion rc scripts affect the loading of ipfw's rules, demoting it to way down the order and the NETWORKING placeholder never seems to be reached. This has the effect of blocking mountcritremote from loading any NFS filesystems in fstab, halting the boot and dropping to single user. rcorder reports many circular dependencies. This makes no sense: # $FreeBSD: ports/graphics/sane-backends/files/saned.in,v 1.3 2012/02/19 01:34:56 fjoe Exp $ # # PROVIDE: saned # REQUIRE: LOGIN netif routing mountcritlocal # BEFORE: NETWORKING Before NETWORKING but requiring LOGIN? And saned is a network daemon, for goodness' sake! Not sure exactly what's wrong with svnserve, since I needed this box back soonest and simply deleted it as I don't run a subversion server on this client. Other scripts may be similarly broken. svnserve also affects yp startup on my NIS master, breaking yp completely. [1] Potential security implications with IPFIREWALL_DEFAULT_TO_ACCEPT option in kernel as there's now a window of opportunity for an open firewall for a length of time after the network comes up. >How-To-Repeat: Install graphics/sane-backends or devel/subversion on a machine with ipfw enabled and ipfw set to default deny. >Fix: Fix the rc scripts in these ports to not affect base's rcorder. In the case of sane-backends' saned, just remove the # BEFORE: NETWORKING line. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203111117.q2BBHVDH008098>