[Bug 227027] devel/qt5: insecure file perms in the pkg tarballs
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Mar 28 10:00:22 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227027
Bug ID: 227027
Summary: devel/qt5: insecure file perms in the pkg tarballs
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: kde at FreeBSD.org
Reporter: grarpamp at gmail.com
Assignee: kde at FreeBSD.org
Flags: maintainer-feedback?(kde at FreeBSD.org)
There are at least 4400 instances of insecure g+w file perms in the qt5-*
tarballs that pkg unpacks into /usr/local/include/qt5 on amd64 and likely all
platforms.
This changed sometime between mid Nov and end Jan.
tar -tvf <tarball> | egrep '^.....w'
Fix is to revert back to the correct and secure g-w.
Incomplete tarball list...
qt5-concurrent-5.9.4.txz
qt5-core-5.9.4.txz
qt5-dbus-5.9.4.txz
qt5-gui-5.9.4_2.txz
qt5-network-5.9.4_1.txz
qt5-opengl-5.9.4.txz
qt5-printsupport-5.9.4.txz
qt5-svg-5.9.4.txz
qt5-widgets-5.9.4.txz
qt5-x11extras-5.9.4.txz
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the kde-freebsd
mailing list