From nobody@FreeBSD.org  Sun Sep  1 00:02:05 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id 050C136D
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  1 Sep 2013 00:02:05 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id E12612AFA
	for <freebsd-gnats-submit@FreeBSD.org>; Sun,  1 Sep 2013 00:02:04 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r81022sT099808
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 1 Sep 2013 00:02:02 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r81022gI099805;
	Sun, 1 Sep 2013 00:02:02 GMT
	(envelope-from nobody)
Message-Id: <201309010002.r81022gI099805@oldred.freebsd.org>
Date: Sun, 1 Sep 2013 00:02:02 GMT
From: Jan Beich <jbeich@tormail.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [regression] bmake vs. bsd.port.mk: security-check doesn't work after base@r254980
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         181715
>Category:       bin
>Synopsis:       [regression] bmake vs. bsd.port.mk: security-check doesn't work after base@r254980
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    sjg
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 01 00:10:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Sun Sep  1 19:00:00 UTC 2013
>Originator:     Jan Beich
>Release:        FreeBSD 10.0-CURRENT amd64
>Organization:
>Environment:
reassign to portmgr if it's a feature

>Description:
When security-check tries to generate a list of symbols to check for
unsafe functions, objdump(1) may sometimes encounter non-ELF files and
change exit status to 1. While bmake and fmake both agree to not abort
the target if the line starts with `-' (ignore) flag that's not so for
what happens to the rest of shell commands.

>How-To-Repeat:
# no warning
$ cd net/socat
$ make install
..
*** Error code 1 (ignored)

# test case
$ cat Makefile
all:
	-@true | false; echo foo
	-@true; set -o | fgrep err

$ fmake
foo
errexit         off

$ make
*** Error code 1 (ignored)
errexit         on

>Fix:
workaround

--- ignore.diff begins here ---
Index: Mk/bsd.port.mk
===================================================================
--- Mk/bsd.port.mk	(revision 325833)
+++ Mk/bsd.port.mk	(working copy)
@@ -4167,7 +4169,7 @@ security-check:
 	| ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 \! -type l 2> /dev/null > ${WRKDIR}/.PLIST.writable; \
 	${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
 	| ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f -print0 2> /dev/null \
-	| ${XARGS} -0 -n 1 ${OBJDUMP} -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump; \
+	| ${XARGS} -0 -n 1 ${OBJDUMP} -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump || ${TRUE}; \
 	if \
 		! ${AWK} -v audit="$${PORTS_AUDIT}" -f ${PORTSDIR}/Tools/scripts/security-check.awk \
 		  ${WRKDIR}/.PLIST.flattened ${WRKDIR}/.PLIST.objdump ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.writable; \
--- ignore.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->sjg 
Responsible-Changed-By: tijl 
Responsible-Changed-When: Sun Sep 1 15:35:05 CEST 2013 
Responsible-Changed-Why:  
bmake is sjg territory. It looks like fmake doesn't do set -e when errors should be ignored. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181715 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/181715: commit references a PR
Date: Sun,  1 Sep 2013 18:59:22 +0000 (UTC)

 Author: sjg
 Date: Sun Sep  1 18:59:09 2013
 New Revision: 255127
 URL: http://svnweb.freebsd.org/changeset/base/255127
 
 Log:
   Pay attention to errCheck!
   
   PR:		181715
 
 Modified:
   head/contrib/bmake/compat.c
 
 Modified: head/contrib/bmake/compat.c
 ==============================================================================
 --- head/contrib/bmake/compat.c	Sun Sep  1 17:37:19 2013	(r255126)
 +++ head/contrib/bmake/compat.c	Sun Sep  1 18:59:09 2013	(r255127)
 @@ -340,7 +340,7 @@ again:
  	/*
  	 * The following work for any of the builtin shell specs.
  	 */
 -	if (shellErrFlag) {
 +	if (errCheck && shellErrFlag) {
  	    shargv[shargc++] = shellErrFlag;
  	}
  	if (DEBUG(SHELL))
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
