HomeFreeBSD
Diffusion FreeBSD ports repository rP521884

MFH: r521876
rP521884
Actions

Description

MFH: r521876

Fix up file permissions in Qt ports.

Because qt-dist.mk sets EXTRACT_AFTER_ARGS, the framework-standard
--no-same-owner and --no-same-permissions aren't added. That means
that the files end up in packages with the permissions from the tarball,
and in particular that official packages contain group-writable (wheel)
includes (C++ headers) and other files.

This was reported in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227027
and fixed in 465911 (18 months ago) but the move from bsd.qt.mk
to Uses/qt-dist.mk lost those settings again. Re-add them to
the Uses/ file to improve package security.

(The problem does not seem to be present in my local poudriere builds)

PR: 227027
Reported by: grarpamp@gmail.com
Reviewed by: tcberner
Approved by: tcberner
Differential Revision: https://reviews.freebsd.org/D22999

Approved by: portmgr (joneum)

Details

Provenance
adridgAuthored on
Reviewer
tcberner
Differential Revision
D22999: Mk/Uses/qt-dist.mk: extract Qt ports with safer permissions
Parents
rP521883: cad/openvsp: update to 3.20.0
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
branches/
2020Q1/
Mk/
Uses/

rP521884

View Options

branches/2020Q1/

Loading...
View Options

branches/2020Q1/Mk/Uses/qt-dist.mk

Loading...