I noticed a few changed owners/groups in the daily setuid mail, e.g.: -2249360 -rwxr-sr-x 1 games games 1811506 Nov 9 23:34:39 2012 /usr/local/lib/nethack/nethack +2249360 -rwxr-sr-x 1 root wheel 1811506 Nov 9 23:34:39 2012 /usr/local/lib/nethack/nethack The first part of the post-install of openvpn-2.3.0_2 does .for i in lib sbin (cd ${_stagedir}${PREFIX}/${i} && ${COPYTREE_BIN} \* ${PREFIX}/${i}/) .endfor which results (among other commands) in: chown -R root:wheel /usr/local/lib chown -R root:wheel /usr/local/sbin Files from virtualbox-ose and lsof were also affected. How-To-Repeat: Have some files with owner:group != root:wheel in /usr/local/{sbin,lib} and install security/openvpn-2.3.0_2 . The corresponding output is: ===> Installing rc.d startup script(s) /bin/mkdir -p /usr/local/lib /usr/local/sbin /usr/local/include /usr/local/man (cd /usr/ports/security/openvpn/work/instage/usr/local/lib && /bin/sh -c '(/usr/bin/find -d $0 $2 | /usr/bin/cpio -dumpl $1 >/dev/null 2>&1) && /usr/sbin/chown -R root:wheel $1 && /usr/bin/find -d $0 $2 -type d -exec chmod 755 $1/{} \; && /usr/bin/find -d $0 $2 -type f -exec chmod 555 $1/{} \;' -- \* /usr/local/lib/) (cd /usr/ports/security/openvpn/work/instage/usr/local/sbin && /bin/sh -c '(/usr/bin/find -d $0 $2 | /usr/bin/cpio -dumpl $1 >/dev/null 2>&1) && /usr/sbin/chown -R root:wheel $1 && /usr/bin/find -d $0 $2 -type d -exec chmod 755 $1/{} \; && /usr/bin/find -d $0 $2 -type f -exec chmod 555 $1/{} \;' -- \* /usr/local/sbin/)
Responsible Changed From-To: freebsd-ports-bugs->mandree Over to maintainer (via the GNATS Auto Assign Tool)
Author: mandree Date: Sun Jan 20 02:55:48 2013 New Revision: 310670 URL: http://svnweb.freebsd.org/changeset/ports/310670 Log: - When installing from port, do not tamper with permissions of other files in ${PREFIX}/sbin and ${PREFIX}/lib. [1] - Do not install plugin .la/.so files with the executable bit set, they are not executable. PR: ports/175434 [1] Submitted by: Benjamin Lorenz [1] Modified: head/security/openvpn/Makefile Modified: head/security/openvpn/Makefile ============================================================================== --- head/security/openvpn/Makefile Sun Jan 20 01:30:35 2013 (r310669) +++ head/security/openvpn/Makefile Sun Jan 20 02:55:48 2013 (r310670) @@ -3,7 +3,7 @@ PORTNAME= openvpn DISTVERSION= 2.3.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security net MASTER_SITES= http://swupdate.openvpn.net/community/releases/ \ http://build.openvpn.net/downloads/releases/ @@ -91,10 +91,10 @@ post-build: .endif post-install: - ${MKDIR} ${PREFIX}/lib ${PREFIX}/sbin ${PREFIX}/include ${PREFIX}/man -.for i in lib sbin - (cd ${_stagedir}${PREFIX}/${i} && ${COPYTREE_BIN} \* ${PREFIX}/${i}/) -.endfor + ${MKDIR} ${PREFIX}/lib/openvpn/plugins/ ${PREFIX}/sbin \ + ${PREFIX}/include ${PREFIX}/man + ${INSTALL_PROGRAM} ${_stagedir}${PREFIX}/sbin/openvpn ${PREFIX}/sbin + ${INSTALL_DATA} ${_stagedir}${PREFIX}/lib/openvpn/plugins/* ${PREFIX}/lib/openvpn/plugins/ ${INSTALL_DATA} ${_stagedir}${PREFIX}/include/* ${PREFIX}/include/ ${INSTALL_MAN} ${_stagedir}${PREFIX}/man/man8/* ${MAN8PREFIX}/man/man8/ .if ${PORT_OPTIONS:MDOCS} _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Fixed in PORTREVISION 3, thanks for the useful report - and sorry for the inconvenience.