From nobody@FreeBSD.org  Sun Mar 11 11:17:31 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B711A1065674
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 11 Mar 2012 11:17:31 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id A63678FC25
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 11 Mar 2012 11:17:31 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q2BBHVSx008099
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 11 Mar 2012 11:17:31 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q2BBHVDH008098;
	Sun, 11 Mar 2012 11:17:31 GMT
	(envelope-from nobody)
Message-Id: <201203111117.q2BBHVDH008098@red.freebsd.org>
Date: Sun, 11 Mar 2012 11:17:31 GMT
From: Matt Dawson <matt@chronos.org.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: sane-backends, subversion rc scripts affecting rcorder in base
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         165928
>Category:       ports
>Synopsis:       graphics/sane-backends, devel/subversion rc scripts affecting rcorder in base
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lev
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 11 11:20:10 UTC 2012
>Closed-Date:    Sun Apr 01 18:47:54 UTC 2012
>Last-Modified:  Sun Apr 01 18:47:54 UTC 2012
>Originator:     Matt Dawson
>Release:        FreeBSD-9.0-RELEASE
>Organization:
n/a
>Environment:
FreeBSD workstation1 9.0-RELEASE FreeBSD 9.0-RELEASE #0 r230315M: Mon Jan 23 16:08:00 GMT 2012     root@:/usr/obj/usr/src/sys/WORKSTATION1  amd64
>Description:
On a machine with remote NFS mounts and ipfw *without* DEFAULT_TO_ACCEPT
[1] compiled into the kernel, the saned and subversion rc scripts affect
the loading of ipfw's rules, demoting it to way down the order and the
NETWORKING placeholder never seems to be reached. This has the effect
of blocking mountcritremote from loading any NFS filesystems in fstab,
halting the boot and dropping to single user. rcorder reports many
circular dependencies.

This makes no sense:

# $FreeBSD: ports/graphics/sane-backends/files/saned.in,v 1.3 2012/02/19 01:34:56 fjoe Exp $
#
# PROVIDE: saned
# REQUIRE: LOGIN netif routing mountcritlocal
# BEFORE: NETWORKING

Before NETWORKING but requiring LOGIN? And saned is a network daemon,
for goodness' sake!

Not sure exactly what's wrong with svnserve, since I needed this box
back soonest and simply deleted it as I don't run a subversion server
on this client. Other scripts may be similarly broken. svnserve also
affects yp startup on my NIS master, breaking yp completely.

[1] Potential security implications with IPFIREWALL_DEFAULT_TO_ACCEPT
option in kernel as there's now a window of opportunity for an open
firewall for a length of time after the network comes up.
>How-To-Repeat:
Install graphics/sane-backends or devel/subversion on a machine with
ipfw enabled and ipfw set to default deny.
>Fix:
Fix the rc scripts in these ports to not affect base's rcorder. In the
case of sane-backends' saned, just remove the # BEFORE: NETWORKING line.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->lev 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Mar 12 00:45:07 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer of devel/subversion.  graphics/sane-backends is 
unmaintained. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=165928 

Date: Sun, 11 Mar 2012 19:04:05 -0700
From: Doug Barton <dougb@FreeBSD.org>
To: Mark Linimon <linimon@lonesome.com>
Cc: freebsd-rc@FreeBSD.org, bug-followup@FreeBSD.org
In-Reply-To: <20120312005042.GC7675@lonesome.com>
Subject: Re: [Fwd: ports/165928: graphics/sane-backends, devel/subversion
 rc scripts affecting rcorder in base]

 sane-backends is clearly broken in this regard.
 
 It's not clear to me from the PR what subversion's culpability is, but
 if it has similar REQUIRE/BEFORE then it's broken as well.
 
 Can't look at this atm, but will when I have time, if no one else gets
 to it first.
 
 Doug
 
 -- 
 
     This .signature sanitized for your protection

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/165928: commit references a PR
Date: Mon, 19 Mar 2012 23:33:31 +0000 (UTC)

 dougb       2012-03-19 23:33:15 UTC
 
   FreeBSD ports repository
 
   Modified files:
     graphics/sane-backends Makefile 
     graphics/sane-backends/files saned.in 
   Log:
   Relative to the problem mentioned in the PR, fix the rc.d script
   to avoid a circular dependency problem which adversely affects
   other scripts, including those in the base.
   
   Specifically, it's impossible to have both:
   REQUIRE: LOGIN
   and
   BEFORE: NETWORKING
   
   Since this services runs as an unprivileged user, LOGIN wins.
   
   While I'm here, apply various other cleanups, including adding
   KEYWORD: shutdown, putting the elements in more typical order,
   fixing some syntax issues, etc.
   
   Bump PORTREVISION due to the previous incarnation of the rc.d
   script being actually pathological, rather than just slightly
   wacky.
   
   PR:             ports/165928
   Submitted by:   Matt Dawson <matt@chronos.org.uk>
   Feature safe:   yes
   
   Revision  Changes    Path
   1.104     +1 -1      ports/graphics/sane-backends/Makefile
   1.4       +15 -17    ports/graphics/sane-backends/files/saned.in
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
From: Doug Barton <dougb@FreeBSD.org>
To: Mark Linimon <linimon@lonesome.com>
Cc: freebsd-rc@FreeBSD.org, bug-followup@FreeBSD.org
Subject: Re: [Fwd: ports/165928: graphics/sane-backends, devel/subversion
 rc scripts affecting rcorder in base]

 I just fixed sane-backends, and took a quick look at svnserve.in and I
 don't see any problems there.
 
 Can the originator please test with the updated sane-backends and let us
 know if you see any problems? Try 'service -r' at minimum.
 
 
 Thanks,
 
 Doug
 
 -- 
 
     This .signature sanitized for your protection

From: Matt Dawson <matt@chronos.org.uk>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: ports/165928: graphics/sane-backends, devel/subversion rc scripts affecting rcorder in base
Date: Mon, 26 Mar 2012 13:44:14 +0100

 Looks like devel/subversion and its associated svnserve script are 
 actually fine as I can't reproduce what I was seeing before with a 
 fresh install.
 
 Doug's commit fixes saned, so this PR can now be closed.
 -- 
 Matt Dawson
 GW0VNR
 MTD15-RIPE
State-Changed-From-To: open->closed 
State-Changed-By: lev 
State-Changed-When: Sun Apr 1 18:45:47 UTC 2012 
State-Changed-Why:  
Fixed for sane by dougb@, not relevant for subversion. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=165928 
>Unformatted:
