maintainer-feedback requested: [Bug 227027] devel/qt5: insecure file perms in the pkg tarballs
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Mar 28 10:00:22 UTC 2018
Bugzilla Automation <bugzilla at FreeBSD.org> has asked kde at FreeBSD.org for
maintainer-feedback:
Bug 227027: devel/qt5: insecure file perms in the pkg tarballs
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227027
--- Description ---
There are at least 4400 instances of insecure g+w file perms in the qt5-*
tarballs that pkg unpacks into /usr/local/include/qt5 on amd64 and likely all
platforms.
This changed sometime between mid Nov and end Jan.
tar -tvf <tarball> | egrep '^.....w'
Fix is to revert back to the correct and secure g-w.
Incomplete tarball list...
qt5-concurrent-5.9.4.txz
qt5-core-5.9.4.txz
qt5-dbus-5.9.4.txz
qt5-gui-5.9.4_2.txz
qt5-network-5.9.4_1.txz
qt5-opengl-5.9.4.txz
qt5-printsupport-5.9.4.txz
qt5-svg-5.9.4.txz
qt5-widgets-5.9.4.txz
qt5-x11extras-5.9.4.txz
More information about the kde-freebsd
mailing list