Bug 175434 - installation of security/openvpn 2.3.0_2 currupts ownership in /usr/local/{lib,sbin}
installation of security/openvpn 2.3.0_2 currupts ownership in /usr/local/{li...
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: Matthias Andree
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-19 16:50 UTC by freebsd
Modified: 2013-01-20 03:00 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description freebsd 2013-01-19 16:50:00 UTC
I noticed a few changed owners/groups in the daily setuid mail, e.g.:
-2249360 -rwxr-sr-x  1 games   games       1811506 Nov  9 23:34:39 2012 /usr/local/lib/nethack/nethack
+2249360 -rwxr-sr-x  1 root    wheel       1811506 Nov  9 23:34:39 2012 /usr/local/lib/nethack/nethack

The first part of the post-install of openvpn-2.3.0_2 does 

.for i in lib sbin
   (cd ${_stagedir}${PREFIX}/${i} && ${COPYTREE_BIN} \* ${PREFIX}/${i}/)
.endfor

which results (among other commands) in:
chown -R root:wheel /usr/local/lib
chown -R root:wheel /usr/local/sbin

Files from virtualbox-ose and lsof were also affected.

How-To-Repeat: Have some files with owner:group != root:wheel in /usr/local/{sbin,lib} and install security/openvpn-2.3.0_2 .

The corresponding output is:
===> Installing rc.d startup script(s)
/bin/mkdir -p /usr/local/lib /usr/local/sbin /usr/local/include /usr/local/man
(cd /usr/ports/security/openvpn/work/instage/usr/local/lib && /bin/sh -c '(/usr/bin/find -d $0 $2 | /usr/bin/cpio -dumpl $1 >/dev/null  2>&1) &&  /usr/sbin/chown -R root:wheel $1 &&  /usr/bin/find -d $0 $2 -type d -exec chmod 755 $1/{} \; &&  /usr/bin/find -d $0 $2 -type f -exec chmod 555 $1/{} \;' -- \* /usr/local/lib/)
(cd /usr/ports/security/openvpn/work/instage/usr/local/sbin && /bin/sh -c '(/usr/bin/find -d $0 $2 | /usr/bin/cpio -dumpl $1 >/dev/null  2>&1) &&  /usr/sbin/chown -R root:wheel $1 &&  /usr/bin/find -d $0 $2 -type d -exec chmod 755 $1/{} \; &&  /usr/bin/find -d $0 $2 -type f -exec chmod 555 $1/{} \;' -- \* /usr/local/sbin/)
Comment 1 Edwin Groothuis freebsd_committer 2013-01-19 19:49:58 UTC
Responsible Changed
From-To: freebsd-ports-bugs->mandree

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter freebsd_committer 2013-01-20 02:56:01 UTC
Author: mandree
Date: Sun Jan 20 02:55:48 2013
New Revision: 310670
URL: http://svnweb.freebsd.org/changeset/ports/310670

Log:
  - When installing from port, do not tamper with permissions of other files
    in ${PREFIX}/sbin and ${PREFIX}/lib. [1]
  
  - Do not install plugin .la/.so files with the executable bit set, they
    are not executable.
  
  PR:		ports/175434 [1]
  Submitted by:	Benjamin Lorenz [1]

Modified:
  head/security/openvpn/Makefile

Modified: head/security/openvpn/Makefile
==============================================================================
--- head/security/openvpn/Makefile	Sun Jan 20 01:30:35 2013	(r310669)
+++ head/security/openvpn/Makefile	Sun Jan 20 02:55:48 2013	(r310670)
@@ -3,7 +3,7 @@
 
 PORTNAME=	openvpn
 DISTVERSION=	2.3.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security net
 MASTER_SITES=	http://swupdate.openvpn.net/community/releases/ \
 		http://build.openvpn.net/downloads/releases/
@@ -91,10 +91,10 @@ post-build:
 .endif
 
 post-install:
-	${MKDIR} ${PREFIX}/lib ${PREFIX}/sbin ${PREFIX}/include ${PREFIX}/man
-.for i in lib sbin
-	(cd ${_stagedir}${PREFIX}/${i} && ${COPYTREE_BIN} \* ${PREFIX}/${i}/)
-.endfor
+	${MKDIR} ${PREFIX}/lib/openvpn/plugins/ ${PREFIX}/sbin \
+		 ${PREFIX}/include ${PREFIX}/man
+	${INSTALL_PROGRAM} ${_stagedir}${PREFIX}/sbin/openvpn ${PREFIX}/sbin
+	${INSTALL_DATA} ${_stagedir}${PREFIX}/lib/openvpn/plugins/* ${PREFIX}/lib/openvpn/plugins/
 	${INSTALL_DATA} ${_stagedir}${PREFIX}/include/* ${PREFIX}/include/
 	${INSTALL_MAN} ${_stagedir}${PREFIX}/man/man8/* ${MAN8PREFIX}/man/man8/
 .if ${PORT_OPTIONS:MDOCS}
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 3 Matthias Andree freebsd_committer 2013-01-20 02:56:50 UTC
State Changed
From-To: open->closed

Fixed in PORTREVISION 3, thanks for the useful report - and sorry for 
the inconvenience.