Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#76629 - [python-flask-cors] License file is executable
Attached to Project:
Community Packages
Opened by tocic (tocic) - Sunday, 20 November 2022, 09:45 GMT
Last edited by Chih-Hsuan Yen (yan12125) - Saturday, 17 December 2022, 10:23 GMT
Opened by tocic (tocic) - Sunday, 20 November 2022, 09:45 GMT
Last edited by Chih-Hsuan Yen (yan12125) - Saturday, 17 December 2022, 10:23 GMT
|
DetailsI'm wondering is there any reason why the /usr/share/licenses/python-flask-cors/LICENSE file has 655 permissions instead of 644?
Execute permissions can potentially cause security issues. It's 644 in the upstream archive — https://pypi.org/packages/source/F/Flask-Cors/Flask-Cors-3.0.10.tar.gz. For some reason, PKGBUILD changes it to 655 — https://github.com/archlinux/svntogit-community/blob/a477a44aea28bfd505e5447c6fdaaf7fce69b116/trunk/PKGBUILD#L33. Additional info: * python-flask-cors 3.0.10-3. * I wrote to the current maintainer a few months ago, but haven't received a response so far. * I was maintaining this package while it was in AUR and the file had 644 permissions. |
This task depends upon
Closed by Chih-Hsuan Yen (yan12125)
Saturday, 17 December 2022, 10:23 GMT
Reason for closing: Fixed
Additional comments about closing: python-flask-cors 3.0.10-4
Saturday, 17 December 2022, 10:23 GMT
Reason for closing: Fixed
Additional comments about closing: python-flask-cors 3.0.10-4
Comment by Chih-Hsuan Yen (yan12125) -
Thursday, 15 December 2022, 04:08 GMT
Hi demize, do you remember why -Dm655 is used for LICENSE?
Comment by Johannes Löthberg (demize) -
Thursday, 15 December 2022, 12:08 GMT
I would say copy-paste error or just not stopping to think about it if it was I who wrote it. :)
Comment by Chih-Hsuan Yen (yan12125) -
Thursday, 15 December 2022, 13:09 GMT
No problem! I will change it to 644 during the next non-trivial update.