ports/165928: sane-backends, subversion rc scripts affecting rcorder in base

Matt Dawson matt at chronos.org.uk
Sun Mar 11 11:20:11 UTC 2012 

>Number:         165928
>Category:       ports
>Synopsis:       sane-backends, subversion rc scripts affecting rcorder in base
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 11 11:20:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Matt Dawson
>Release:        FreeBSD-9.0-RELEASE
>Organization:
n/a
>Environment:
FreeBSD workstation1 9.0-RELEASE FreeBSD 9.0-RELEASE #0 r230315M: Mon Jan 23 16:08:00 GMT 2012     root@:/usr/obj/usr/src/sys/WORKSTATION1  amd64
>Description:
On a machine with remote NFS mounts and ipfw *without* DEFAULT_TO_ACCEPT [1] compiled into the kernel, the saned and subversion rc scripts affect the loading of ipfw's rules, demoting it to way down the order and the NETWORKING placeholder never seems to be reached. This has the effect of blocking mountcritremote from loading any NFS filesystems in fstab, halting the boot and dropping to single user. rcorder reports many circular dependencies.

This makes no sense:

# $FreeBSD: ports/graphics/sane-backends/files/saned.in,v 1.3 2012/02/19 01:34:56 fjoe Exp $
#
# PROVIDE: saned
# REQUIRE: LOGIN netif routing mountcritlocal
# BEFORE: NETWORKING

Before NETWORKING but requiring LOGIN? And saned is a network daemon, for goodness' sake!

Not sure exactly what's wrong with svnserve, since I needed this box back soonest and simply deleted it as I don't run a subversion server on this client. Other scripts may be similarly broken. svnserve also affects yp startup on my NIS master, breaking yp completely.

[1] Potential security implications with IPFIREWALL_DEFAULT_TO_ACCEPT option in kernel as there's now a window of opportunity for an open firewall for a length of time after the network comes up.
>How-To-Repeat:
Install graphics/sane-backends or devel/subversion on a machine with ipfw enabled and ipfw set to default deny.
>Fix:
Fix the rc scripts in these ports to not affect base's rcorder. In the case of sane-backends' saned, just remove the # BEFORE: NETWORKING line.

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list