Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#18242 - [roundcubemail] package recreates installer folder on update
Attached to Project:
Community Packages
Opened by Pierre Chapuis (catwell) - Monday, 08 February 2010, 21:33 GMT
Last edited by Dan Griffiths (Ghost1227) - Tuesday, 09 February 2010, 01:56 GMT
Opened by Pierre Chapuis (catwell) - Monday, 08 February 2010, 21:33 GMT
Last edited by Dan Griffiths (Ghost1227) - Tuesday, 09 February 2010, 01:56 GMT
|
DetailsDescription:
The folder /srv/http/roundcube/installer should be deleted after roundcube configuration, but updating roundcubemail recreates it. This looks like a security flaw to me... Additional info: * package version: roundcubemail 0.3.1-1 Steps to reproduce: rm -rf /srv/http/roundcube/installer pacman -S roundcubemail ls /srv/http/roundcube/ | grep installer |
This task depends upon
Closed by Dan Griffiths (Ghost1227)
Tuesday, 09 February 2010, 01:56 GMT
Reason for closing: Implemented
Additional comments about closing: I disagree with the practice of removing it completely, but agree with the idea of increasing security. As such, the PKGBUILD has been modified to move the install directory to a nonstandard url, and an install file has been added advising the user that it is recommended to remove it entirely.
Tuesday, 09 February 2010, 01:56 GMT
Reason for closing: Implemented
Additional comments about closing: I disagree with the practice of removing it completely, but agree with the idea of increasing security. As such, the PKGBUILD has been modified to move the install directory to a nonstandard url, and an install file has been added advising the user that it is recommended to remove it entirely.