From nobody Mon Dec 30 19:29:11 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YMR473qPsz5hdwb; Mon, 30 Dec 2024 19:29:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YMR472z31z48YC; Mon, 30 Dec 2024 19:29:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1735586951; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6Z2TnGD0eXRyTy32/E1qYc75Hp8ZdnBXG7m0uBeRoM0=; b=HWxCSBmIkzduL9ECaIRgJloTmNI+Te4EBTA2LA+yqTzA/YXLwG3QriP4oJxnCQBY3Wugn3 hp17zSB5SB/bCmygyeMHHvl3PcaEEuAP1+oqorP+1UbUKE7lGMQST9ViqrW18uuSQyVd1q NKPiL4Q8/wZhqkQGCvDexqRgCKUmaFUGjQdrLBlPK9hboEnD4aBqGDGdbhK5SIWnKsOIPQ QUJdqCJtMp0oPp+epEf+naABU+LoWi657IW0Ed4+itLcqbu9isWq60Jks0L3WckCvbcrzL d/+eEFoHXWyQl1C7vplTHByfrBu9vMQTlrBVCVx3h3wVWMgK7cNbmfBz9zdYHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1735586951; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6Z2TnGD0eXRyTy32/E1qYc75Hp8ZdnBXG7m0uBeRoM0=; b=mR1YbFmz1t/8foN/lLKjy0wcUyCswzF0/vlGu7OYcuLGa/UlztF132gBWkgcIY1EkzF44b dO3djHA3484p0NuUginSCg+dBI2WQM4Fqow3nl6OAlw8QeSIRQwaUIclqBy7E135MJjy2O sqaxhXg5ZzglyGAzyRHeq93fItkW96U3foSNkpsdK+N/wJraiSFTJ3m51RIl7v5gDGFqsM LPYE4foEbDavO7wBnfdjGEUcDdCPoOfAOTB0+RgQ1dxRnvFjHyB2MlQD8fnwqt0yAc2eoJ bZHLQ1pKV8u2yeigpiND0OL/XKrx3WmncDfJxqm1FdIXYeKBfzt2rnP8qHXVBA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1735586951; a=rsa-sha256; cv=none; b=CZGBxv5ayaHyKGee9g2NjdCIMLrykw9HakSZbyXS2VB7fJT2Ju2DVoK7YNLOipfXtRHrmH Em7FB4EufzyeX9Qh33RXdrXdcymMiU4e84//rXj+gbf2dhfS8h6a3+f6Nlicnwk5OUjNoT pSg5dComL06rulVQ1uvCGwxMohs+nM19nX/n2tb2k0G9T1K5gkW0N1ant5SvfftU2kkxLo ifwMDhFnvLA921lGFQ47/KNBydiIuWn11xOCGWt8TC7q6Ru67ZbeeyDJBDI/mYaK+jS0Y/ l5OcPegDzUfFkDO9H4oCSXJIp417sFIjXYa3zYco5V4kYhR4RuAl9Pep9CAXOQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YMR472ZP7z16Jb; Mon, 30 Dec 2024 19:29:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BUJTB2Y071021; Mon, 30 Dec 2024 19:29:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BUJTB9A071018; Mon, 30 Dec 2024 19:29:11 GMT (envelope-from git) Date: Mon, 30 Dec 2024 19:29:11 GMT Message-Id: <202412301929.4BUJTB9A071018@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Dirk Meyer Subject: git: 121c0dbfd395 - main - security/tinc-devel: security/tinc: add user and group tinc List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dinoex X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 121c0dbfd3952f623ab39c1126d69ea7ca8ea4cc Auto-Submitted: auto-generated The branch main has been updated by dinoex: URL: https://cgit.FreeBSD.org/ports/commit/?id=121c0dbfd3952f623ab39c1126d69ea7ca8ea4cc commit 121c0dbfd3952f623ab39c1126d69ea7ca8ea4cc Author: Dirk Meyer AuthorDate: 2024-12-30 19:27:20 +0000 Commit: Dirk Meyer CommitDate: 2024-12-30 19:28:44 +0000 security/tinc-devel: security/tinc: add user and group tinc The tinc daemon is now setgid The daemon can drop privileges with: sysrc tincd_flags=--user=tinc Reported by: Poul-Henning Kamp --- GIDs | 2 +- UIDs | 2 +- security/tinc-devel/Makefile | 6 ++++-- security/tinc/Makefile | 6 ++++-- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/GIDs b/GIDs index 03596f6128e5..8c1d8a3b37cf 100644 --- a/GIDs +++ b/GIDs @@ -596,7 +596,7 @@ _xrdp:*:648: # free: 652 # free: 653 # free: 654 -# free: 655 +tinc:*:655: # free: 656 # free: 657 # free: 658 diff --git a/UIDs b/UIDs index 12bf78b790bc..bb47a9da489d 100644 --- a/UIDs +++ b/UIDs @@ -602,7 +602,7 @@ _xrdp:*:648:648::0:0:xrdp daemon:/nonexistent:/usr/sbin/nologin # free: 652 # free: 653 # free: 654 -# free: 655 +tinc:*:655:655::0:0:tinc daemon:/nonexistent:/usr/sbin/nologin # free: 656 # free: 657 # free: 658 diff --git a/security/tinc-devel/Makefile b/security/tinc-devel/Makefile index 36509ef02695..dbffc389914a 100644 --- a/security/tinc-devel/Makefile +++ b/security/tinc-devel/Makefile @@ -1,6 +1,6 @@ PORTNAME= tinc PORTVERSION= 1.1pre18 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security net-vpn MASTER_SITES= https://www.tinc-vpn.org/packages/ \ http://www.tinc-vpn.org/packages/ @@ -15,6 +15,8 @@ LICENSE_FILE= ${WRKSRC}/COPYING LIB_DEPENDS= liblzo2.so:archivers/lzo2 +USERS= tinc +GROUPS= tinc USES= cpe ssl makeinfo readline localbase:ldflags CPE_VENDOR= tinc-vpn GNU_CONFIGURE= yes @@ -22,7 +24,7 @@ GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share CONFIGURE_ARGS= --localstatedir=/var --with-curses=/usr USE_RC_SUBR= tincd INFO= tinc -PLIST_FILES= sbin/tincd sbin/tinc \ +PLIST_FILES= "@(root,tinc,2550) sbin/tincd" sbin/tinc \ share/bash-completion/completions/tinc \ share/man/man8/tinc-gui.8.gz share/man/man5/tinc.conf.5.gz \ share/man/man8/tinc.8.gz share/man/man8/tincd.8.gz diff --git a/security/tinc/Makefile b/security/tinc/Makefile index 4a99dd316315..39a42a4668a6 100644 --- a/security/tinc/Makefile +++ b/security/tinc/Makefile @@ -1,6 +1,6 @@ PORTNAME= tinc PORTVERSION= 1.0.36 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security net-vpn MASTER_SITES= https://www.tinc-vpn.org/packages/ \ http://www.tinc-vpn.org/packages/ @@ -13,6 +13,8 @@ LICENSE= GPLv3 LIB_DEPENDS= liblzo2.so:archivers/lzo2 +USERS= tinc +GROUPS= tinc USES= cpe ssl makeinfo CPE_VENDOR= tinc-vpn GNU_CONFIGURE= yes @@ -22,7 +24,7 @@ LDFLAGS+= -L${LOCALBASE}/lib CONFIGURE_ARGS= --localstatedir=/var USE_RC_SUBR= tincd INFO= tinc -PLIST_FILES= sbin/tincd \ +PLIST_FILES= "@(root,tinc,2550) sbin/tincd" \ share/man/man5/tinc.conf.5.gz share/man/man8/tincd.8.gz .include