svn commit: r521876 - head/Mk/Uses
Adriaan de Groot
adridg at FreeBSD.org
Thu Jan 2 20:13:11 UTC 2020
Author: adridg
Date: Thu Jan 2 20:13:11 2020
New Revision: 521876
URL: https://svnweb.freebsd.org/changeset/ports/521876
Log:
Fix up file permissions in Qt ports.
Because qt-dist.mk sets EXTRACT_AFTER_ARGS, the framework-standard
--no-same-owner and --no-same-permissions aren't added. That means
that the files end up in packages with the permissions from the tarball,
and in particular that official packages contain group-writable (wheel)
includes (C++ headers) and other files.
This was reported in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227027
and fixed in 465911 (18 months ago) but the move from bsd.qt.mk
to Uses/qt-dist.mk lost those settings again. Re-add them to
the Uses/ file to improve package security.
(The problem does not seem to be present in my local poudriere builds)
PR: 227027
Reported by: grarpamp at gmail.com
Reviewed by: tcberner
Approved by: tcberner
MFH: 2020Q1
Differential Revision: https://reviews.freebsd.org/D22999
Modified:
head/Mk/Uses/qt-dist.mk
Modified: head/Mk/Uses/qt-dist.mk
==============================================================================
--- head/Mk/Uses/qt-dist.mk Thu Jan 2 20:03:35 2020 (r521875)
+++ head/Mk/Uses/qt-dist.mk Thu Jan 2 20:13:11 2020 (r521876)
@@ -112,7 +112,8 @@ EXTRACT_SUFX?= .tar.xz
# Other ports from other Qt modules will automatically build examples and
# tests if the directories exist because of mkspecs/features/qt_parts.prf.
EXTRACT_AFTER_ARGS?= ${DISTNAME:S,$,/examples,:S,^,--exclude ,} \
- ${DISTNAME:S,$,/tests,:S,^,--exclude ,}
+ ${DISTNAME:S,$,/tests,:S,^,--exclude ,} \
+ --no-same-owner --no-same-permissions
. endif # ! ${_QT_VER:M5}
CONFIGURE_ENV+= MAKE="${MAKE:T}"
More information about the svn-ports-all
mailing list