Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#78791 - [opendoas] Add a note to inform user about an important unfixed upstream bug
Attached to Project:
Arch Linux
Opened by Damon (TheDcoder) - Thursday, 15 June 2023, 14:45 GMT
Last edited by Toolybird (Toolybird) - Monday, 18 September 2023, 21:54 GMT
Details
All versions of OpenDoas are affected by a bug which sets the secure $PATH with directories in the wrong order, potentially executing unintended versions of a command when a shell is used.
I have already filed an upstream bug report: https://github.com/Duncaen/OpenDoas/issues/117
Considering the lack of a quick response from upstream, we should add a post-install note to this package and inform the user about it so that they can be aware and patch their configuration to get around it. Or potentially even patch it ourselves for our builds.
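The effect of directory order described in the report above, as an added example that is not part of the original report or of OpenDoas: it lists the command names that resolve to a different file when the same directories are searched in a different order. The directory tree, the `backup-tool` and `only-here` names and both orderings are constructed for illustration and are not OpenDoas's actual path list.

```shell
#!/bin/sh
# Added example: every path and file name below is constructed.

# Print the first executable named $1 in the colon-separated list $2
# (plain first-match lookup; empty entries are skipped).
resolve() {
    printf '%s\n' "$2" | tr ':' '\n' | while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            break
        fi
    done
}

# For each command name found in the directories of $1, print
# "name<TAB>winner under $1<TAB>winner under $2" when the orders disagree.
path_order_diff() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            if [ -f "$f" ] && [ -x "$f" ]; then printf '%s\n' "${f##*/}"; fi
        done
    done | sort -u | while IFS= read -r name; do
        a=$(resolve "$name" "$1")
        b=$(resolve "$name" "$2")
        if [ "$a" != "$b" ]; then
            printf '%s\t%s\t%s\n' "$name" "$a" "${b:-(not found)}"
        fi
    done
}

# Build a throwaway tree with one name present in two directories.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/usr/local/bin"
    for d in usr/bin usr/local/bin; do
        printf '#!/bin/sh\necho %s\n' "$d" > "$root/$d/backup-tool"
        chmod +x "$root/$d/backup-tool"
    done
    printf '#!/bin/sh\n' > "$root/usr/bin/only-here"
    chmod +x "$root/usr/bin/only-here"
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
path_order_diff "$demo/usr/local/bin:$demo/usr/bin" "$demo/usr/bin:$demo/usr/local/bin"
rm -rf "$demo"
```

Passing the PATH an administrator expects as the first argument and the PATH a privileged shell actually receives as the second shows exactly which commands would change under the reordering.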
Closed by Toolybird (Toolybird)
Monday, 18 September 2023, 21:54 GMT
Reason for closing: Deferred
Additional comments about closing: See comments
Comment by Toolybird (Toolybird) -
Thursday, 15 June 2023, 23:59 GMT
It's been like that since the year dot...doesn't seem like that big a drama. Please let us know when the upstream PR is concluded.