FS#76629 - [python-flask-cors] License file is executable
Attached to Project:
Community Packages
Opened by tocic (tocic) - Sunday, 20 November 2022, 09:45 GMT
Last edited by Chih-Hsuan Yen (yan12125) - Saturday, 17 December 2022, 10:23 GMT
Opened by tocic (tocic) - Sunday, 20 November 2022, 09:45 GMT
Last edited by Chih-Hsuan Yen (yan12125) - Saturday, 17 December 2022, 10:23 GMT
|
Details
I'm wondering is there any reason why the
/usr/share/licenses/python-flask-cors/LICENSE file has 655
permissions instead of 644?
Execute permissions can potentially cause security issues. It's 644 in the upstream archive — https://pypi.org/packages/source/F/Flask-Cors/Flask-Cors-3.0.10.tar.gz. For some reason, PKGBUILD changes it to 655 — https://github.com/archlinux/svntogit-community/blob/a477a44aea28bfd505e5447c6fdaaf7fce69b116/trunk/PKGBUILD#L33. Additional info: * python-flask-cors 3.0.10-3. * I wrote to the current maintainer a few months ago, but haven't received a response so far. * I was maintaining this package while it was in AUR and the file had 644 permissions. |
This task depends upon
Closed by Chih-Hsuan Yen (yan12125)
Saturday, 17 December 2022, 10:23 GMT
Reason for closing: Fixed
Additional comments about closing: python-flask-cors 3.0.10-4
Saturday, 17 December 2022, 10:23 GMT
Reason for closing: Fixed
Additional comments about closing: python-flask-cors 3.0.10-4
Comment by
Chih-Hsuan Yen (yan12125) -
Thursday, 15 December 2022, 04:08 GMT
Hi demize, do you remember why -Dm655 is used for LICENSE?
Comment by
Johannes Löthberg (demize) -
Thursday, 15 December 2022, 12:08 GMT
I would say copy-paste error or just not stopping to think about
it if it was I who wrote it. :)
Comment by
Chih-Hsuan Yen (yan12125) -
Thursday, 15 December 2022, 13:09 GMT
No problem! I will change it to 644 during the next non-trivial
update.