Bug 208534 - security/openvpn rc.d script breaks "service -R" on 10.3-RELEASE
Summary: security/openvpn rc.d script breaks "service -R" on 10.3-RELEASE
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Matthias Andree
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-04 21:54 UTC by Allan Saddi
Modified: 2016-05-23 22:10 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (mandree)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Allan Saddi 2016-04-04 21:54:15 UTC
On 10.3-RELEASE, performing a "service -R" stops with the following error:

  /usr/sbin/service: ERROR: USAGE: load_rc_config_var name var

when openvpn is installed.

I've narrowed it down to the way the name variable is defined in the rc script:

  name="${name##*/}"

I realize openvpn does it this way to support multiple instances.

/usr/sbin/service under 10.3-RELEASE has an additional check now that trips over this:

                        if [ -n "$rcvar" ]; then
                                load_rc_config_var ${name} ${rcvar}
                        fi

For now, I am working around this issue by editing the rc script and setting name directly to "openvpn".
Comment 1 commit-hook freebsd_committer 2016-04-05 02:08:49 UTC
A commit references this bug:

Author: mandree
Date: Tue Apr  5 02:08:04 UTC 2016
New revision: 412540
URL: https://svnweb.freebsd.org/changeset/ports/412540

Log:
  Work around 10.3-RELEASE's service(8) shortcomings

  PR:		208534
  Reported by:	allan@saddi.com

Changes:
  head/security/openvpn/Makefile
  head/security/openvpn/files/openvpn.in
Comment 2 Matthias Andree freebsd_committer 2016-04-05 02:09:50 UTC
I am adding a stop-gap fix, pending a later rewrite along the lines of */memcached, as proposed by Allan Jude, or another approach.

There is also a Phabricator review for a revised service(8) that needs thorough scrutiny up at https://reviews.freebsd.org/D5833

I will leave this PR open for now, barring a proper fix.
Comment 3 Devin Teske freebsd_committer 2016-04-05 16:44:18 UTC
I have a simpler solution up for review -- https://reviews.freebsd.org/D5846
Comment 4 commit-hook freebsd_committer 2016-05-14 13:33:36 UTC
A commit references this bug:

Author: mandree
Date: Sat May 14 13:33:14 UTC 2016
New revision: 415187
URL: https://svnweb.freebsd.org/changeset/ports/415187

Log:
  MFH: r412540 r412541 r415093 r415116

  Work around 10.3-RELEASE's service(8) shortcomings (r412540)
  and to fix /usr/sbin/service -R (r412541).

  PR:		208534
  Reported by:	allan@saddi.com

  r415093 (2.3.11 upgrade) and r415116 (the polarssl fix-up) together:

  Security upgrade to OpenVPN 2.3.11.

  Quoting upstream maintainers' release notes:
  "This release fixes two vulnerabilities: a port-share bug with DoS
  potential and a buffer overflow by user supplied data when using pam
  authentication. In addition a number of small fixes and improvements are
  included."

  Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

  he upstream backported a change from the master branch that fixes the
  PolarSSL-based builds to go with the PolarSSL 1.3.X built-in defaults.

  Approved by:	ports-secteam (junovich)
  PR:		209498
  Security:	0dc8be9e-19af-11e6-8de0-080027ef73ec

Changes:
_U  branches/2016Q2/
  branches/2016Q2/security/openvpn/Makefile
  branches/2016Q2/security/openvpn/distinfo
  branches/2016Q2/security/openvpn/files/openvpn.in
  branches/2016Q2/security/openvpn/files/patch-629baad8