Date: Sat, 19 Jan 2013 16:40:32 GMT
From: Benjamin Lorenz <freebsd@fortitu.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: installation of security/openvpn-2.3.0_2 corrupts ownership in /usr/local/{lib,sbin}

>Number:         175434
>Category:       ports
>Synopsis:       installation of security/openvpn 2.3.0_2 corrupts ownership in /usr/local/{lib,sbin}
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    mandree
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 19 16:50:00 UTC 2013
>Closed-Date:    Sun Jan 20 02:56:51 UTC 2013
>Last-Modified:  Sun Jan 20 03:00:01 UTC 2013
>Originator:     Benjamin Lorenz
>Release:        9.1 PRERELEASE
>Organization:
>Environment:
FreeBSD deepthought.lore.lan 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0: Tue Sep 25 19:42:35 CEST 2012     root@deepthought.lore.lan:/usr/obj/usr/src/sys/DTKERNEL  amd64
>Description:
I noticed a few changed owners/groups in the daily setuid mail, e.g.:
-2249360 -rwxr-sr-x  1 games   games       1811506 Nov  9 23:34:39 2012 /usr/local/lib/nethack/nethack
+2249360 -rwxr-sr-x  1 root    wheel       1811506 Nov  9 23:34:39 2012 /usr/local/lib/nethack/nethack

The first part of the post-install of openvpn-2.3.0_2 does 

.for i in lib sbin
   (cd ${_stagedir}${PREFIX}/${i} && ${COPYTREE_BIN} \* ${PREFIX}/${i}/)
.endfor

which results (among other commands) in:
chown -R root:wheel /usr/local/lib
chown -R root:wheel /usr/local/sbin

Files from virtualbox-ose and lsof were also affected.
>How-To-Repeat:
Have some files with owner:group != root:wheel in /usr/local/{sbin,lib} and install security/openvpn-2.3.0_2.

The corresponding output is:
===> Installing rc.d startup script(s)
/bin/mkdir -p /usr/local/lib /usr/local/sbin /usr/local/include /usr/local/man
(cd /usr/ports/security/openvpn/work/instage/usr/local/lib && /bin/sh -c '(/usr/bin/find -d $0 $2 | /usr/bin/cpio -dumpl $1 >/dev/null  2>&1) &&  /usr/sbin/chown -R root:wheel $1 &&  /usr/bin/find -d $0 $2 -type d -exec chmod 755 $1/{} \; &&  /usr/bin/find -d $0 $2 -type f -exec chmod 555 $1/{} \;' -- \* /usr/local/lib/)
(cd /usr/ports/security/openvpn/work/instage/usr/local/sbin && /bin/sh -c '(/usr/bin/find -d $0 $2 | /usr/bin/cpio -dumpl $1 >/dev/null  2>&1) &&  /usr/sbin/chown -R root:wheel $1 &&  /usr/bin/find -d $0 $2 -type d -exec chmod 755 $1/{} \; &&  /usr/bin/find -d $0 $2 -type f -exec chmod 555 $1/{} \;' -- \* /usr/local/sbin/)

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->mandree 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sat Jan 19 19:49:58 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=175434 
State-Changed-From-To: open->closed 
State-Changed-By: mandree 
State-Changed-When: Sun Jan 20 02:56:50 UTC 2013 
State-Changed-Why:  
Fixed in PORTREVISION 3, thanks for the useful report - and sorry for 
the inconvenience. 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/175434: commit references a PR
Date: Sun, 20 Jan 2013 02:56:01 +0000 (UTC)

 Author: mandree
 Date: Sun Jan 20 02:55:48 2013
 New Revision: 310670
 URL: http://svnweb.freebsd.org/changeset/ports/310670
 
 Log:
   - When installing from port, do not tamper with permissions of other files
     in ${PREFIX}/sbin and ${PREFIX}/lib. [1]
   
   - Do not install plugin .la/.so files with the executable bit set, they
     are not executable.
   
   PR:		ports/175434 [1]
   Submitted by:	Benjamin Lorenz [1]
 
 Modified:
   head/security/openvpn/Makefile
 
 Modified: head/security/openvpn/Makefile
 ==============================================================================
 --- head/security/openvpn/Makefile	Sun Jan 20 01:30:35 2013	(r310669)
 +++ head/security/openvpn/Makefile	Sun Jan 20 02:55:48 2013	(r310670)
 @@ -3,7 +3,7 @@
  
  PORTNAME=	openvpn
  DISTVERSION=	2.3.0
 -PORTREVISION=	2
 +PORTREVISION=	3
  CATEGORIES=	security net
  MASTER_SITES=	http://swupdate.openvpn.net/community/releases/ \
  		http://build.openvpn.net/downloads/releases/
 @@ -91,10 +91,10 @@ post-build:
  .endif
  
  post-install:
 -	${MKDIR} ${PREFIX}/lib ${PREFIX}/sbin ${PREFIX}/include ${PREFIX}/man
 -.for i in lib sbin
 -	(cd ${_stagedir}${PREFIX}/${i} && ${COPYTREE_BIN} \* ${PREFIX}/${i}/)
 -.endfor
 +	${MKDIR} ${PREFIX}/lib/openvpn/plugins/ ${PREFIX}/sbin \
 +		 ${PREFIX}/include ${PREFIX}/man
 +	${INSTALL_PROGRAM} ${_stagedir}${PREFIX}/sbin/openvpn ${PREFIX}/sbin
 +	${INSTALL_DATA} ${_stagedir}${PREFIX}/lib/openvpn/plugins/* ${PREFIX}/lib/openvpn/plugins/
  	${INSTALL_DATA} ${_stagedir}${PREFIX}/include/* ${PREFIX}/include/
  	${INSTALL_MAN} ${_stagedir}${PREFIX}/man/man8/* ${MAN8PREFIX}/man/man8/
  .if ${PORT_OPTIONS:MDOCS}
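Review bot: In the post-install hunk, the new `${INSTALL_DATA} ${_stagedir}${PREFIX}/lib/openvpn/plugins/* ...` line depends on a shell glob, so it only works while the staged plugins directory is non-empty and holds nothing but regular files; an unmatched `*` or a subdirectory makes install(1) fail, and the same already applies to the include/* line kept as context. Consider listing the plugin files explicitly or guarding the glob. The switch from copying all of lib and sbin to installing only sbin/openvpn and the plugins also means any other file the build stages under those two directories is no longer installed, so a short comment above these commands naming what is installed, and why ${COPYTREE_BIN} must not target the shared ${PREFIX}/lib and ${PREFIX}/sbin, would document the intent and help keep the recursive chown from coming back.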
 
>Unformatted:
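
The ownership flip quoted from the daily setuid mail in the description can be picked out mechanically. The following sh/awk filter is an added example, not part of the PR or the port: it reads such a diff and reports paths whose owner or group changed. The function name `owner_changes` is hypothetical, and every sample line except the nethack pair quoted in the report is constructed.

```shell
#!/bin/sh
# Added example (not from the PR): report owner/group changes in a
# setuid diff of the form quoted in the report.

# Sample input. The first pair is the one quoted in the PR; the other
# lines are constructed to show entries that must NOT be reported
# (size/date change only, and a newly appeared file).
SAMPLE_DIFF='-2249360 -rwxr-sr-x  1 games   games       1811506 Nov  9 23:34:39 2012 /usr/local/lib/nethack/nethack
+2249360 -rwxr-sr-x  1 root    wheel       1811506 Nov  9 23:34:39 2012 /usr/local/lib/nethack/nethack
-1111111 -r-sr-xr-x  1 root    wheel         20000 Jan  1 10:00:00 2013 /usr/local/bin/example-a
+1111111 -r-sr-xr-x  1 root    wheel         20480 Jan 19 10:00:00 2013 /usr/local/bin/example-a
+2222222 -r-sr-xr-x  1 root    wheel         30000 Jan 19 10:00:00 2013 /usr/local/bin/example-new'

# owner_changes: read diff lines on stdin and print one line per path
# whose "-" (old) and "+" (new) entries differ in owner or group:
#   <path> <old_owner>:<old_group> -> <new_owner>:<new_group>
owner_changes() {
    awk '
    /^[-+][0-9]+ / {
        sign = substr($1, 1, 1)
        # Path is everything from field 11 on; runs of spaces inside a
        # path are collapsed to one, which is enough for matching pairs.
        path = $11
        for (i = 12; i <= NF; i++) path = path " " $i
        owner = $4 ":" $5
        if (sign == "-") { old[path] = owner; next }
        # "+" line: report only if an old entry exists and differs.
        if ((path in old) && (old[path] != owner))
            print path, old[path], "->", owner
    }'
}

# Stand-alone run over the sample input.
printf '%s\n' "$SAMPLE_DIFF" | owner_changes
```
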
