From owner-freebsd-ports-bugs@FreeBSD.ORG  Sun Mar 11 11:20:11 2012
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 4C56D1065672
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sun, 11 Mar 2012 11:20:11 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 28D038FC1A
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sun, 11 Mar 2012 11:20:11 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q2BBKBH5009021
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Sun, 11 Mar 2012 11:20:11 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q2BBKBRv009020;
	Sun, 11 Mar 2012 11:20:11 GMT (envelope-from gnats)
Resent-Date: Sun, 11 Mar 2012 11:20:11 GMT
Resent-Message-Id: <201203111120.q2BBKBRv009020@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Matt Dawson <matt@chronos.org.uk>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B711A1065674
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 11 Mar 2012 11:17:31 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id A63678FC25
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 11 Mar 2012 11:17:31 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q2BBHVSx008099
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 11 Mar 2012 11:17:31 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q2BBHVDH008098;
	Sun, 11 Mar 2012 11:17:31 GMT (envelope-from nobody)
Message-Id: <201203111117.q2BBHVDH008098@red.freebsd.org>
Date: Sun, 11 Mar 2012 11:17:31 GMT
From: Matt Dawson <matt@chronos.org.uk>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: ports/165928: sane-backends,
	subversion rc scripts affecting rcorder in base
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Mar 2012 11:20:11 -0000


>Number:         165928
>Category:       ports
>Synopsis:       sane-backends, subversion rc scripts affecting rcorder in base
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 11 11:20:10 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Matt Dawson
>Release:        FreeBSD-9.0-RELEASE
>Organization:
n/a
>Environment:
FreeBSD workstation1 9.0-RELEASE FreeBSD 9.0-RELEASE #0 r230315M: Mon Jan 23 16:08:00 GMT 2012     root@:/usr/obj/usr/src/sys/WORKSTATION1  amd64
>Description:
On a machine with remote NFS mounts and ipfw *without* DEFAULT_TO_ACCEPT [1] compiled into the kernel, the saned and subversion rc scripts affect the loading of ipfw's rules, demoting it to way down the order and the NETWORKING placeholder never seems to be reached. This has the effect of blocking mountcritremote from loading any NFS filesystems in fstab, halting the boot and dropping to single user. rcorder reports many circular dependencies.

This makes no sense:

# $FreeBSD: ports/graphics/sane-backends/files/saned.in,v 1.3 2012/02/19 01:34:56 fjoe Exp $
#
# PROVIDE: saned
# REQUIRE: LOGIN netif routing mountcritlocal
# BEFORE: NETWORKING

Before NETWORKING but requiring LOGIN? And saned is a network daemon, for goodness' sake!

Not sure exactly what's wrong with svnserve, since I needed this box back soonest and simply deleted it as I don't run a subversion server on this client. Other scripts may be similarly broken. svnserve also affects yp startup on my NIS master, breaking yp completely.

[1] Potential security implications with IPFIREWALL_DEFAULT_TO_ACCEPT option in kernel as there's now a window of opportunity for an open firewall for a length of time after the network comes up.
>How-To-Repeat:
Install graphics/sane-backends or devel/subversion on a machine with ipfw enabled and ipfw set to default deny.
>Fix:
Fix the rc scripts in these ports to not affect base's rcorder. In the case of sane-backends' saned, just remove the # BEFORE: NETWORKING line.

>Release-Note:
>Audit-Trail:
>Unformatted: