Date: Wed, 28 Mar 2018 10:00:22 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 227027] devel/qt5: insecure file perms in the pkg tarballs Message-ID: <bug-227027-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227027 Bug ID: 227027 Summary: devel/qt5: insecure file perms in the pkg tarballs Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: kde@FreeBSD.org Reporter: grarpamp@gmail.com Assignee: kde@FreeBSD.org Flags: maintainer-feedback?(kde@FreeBSD.org) There are at least 4400 instances of insecure g+w file perms in the qt5-* tarballs that pkg unpacks into /usr/local/include/qt5 on amd64 and likely a= ll platforms. This changed sometime between mid Nov and end Jan. tar -tvf <tarball> | egrep '^.....w' Fix is to revert back to the correct and secure g-w. Incomplete tarball list... qt5-concurrent-5.9.4.txz qt5-core-5.9.4.txz qt5-dbus-5.9.4.txz qt5-gui-5.9.4_2.txz qt5-network-5.9.4_1.txz qt5-opengl-5.9.4.txz qt5-printsupport-5.9.4.txz qt5-svg-5.9.4.txz qt5-widgets-5.9.4.txz qt5-x11extras-5.9.4.txz --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-227027-13>