[arch-commits] Commit in blinksocks/trunk (PKGBUILD)

Levente Polyak anthraxx at archlinux.org
Sat Feb 6 16:57:22 UTC 2021


    Date: Saturday, February 6, 2021 @ 16:57:22
  Author: anthraxx
Revision: 846910

upgpkg: blinksocks 3.3.8-3: fix files owned by uid 1000

This has serious security implications as the ownership means files are
writable by an unprivileged user and contain code breaking intended privilege
boundaries.

Modified:
  blinksocks/trunk/PKGBUILD

----------+
 PKGBUILD |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-02-06 16:57:20 UTC (rev 846909)
+++ PKGBUILD	2021-02-06 16:57:22 UTC (rev 846910)
@@ -2,7 +2,7 @@
 
 pkgname=blinksocks
 pkgver=3.3.8
-pkgrel=2
+pkgrel=3
 pkgdesc='A framework for building composable proxy protocol stack.'
 arch=('any')
 url='https://github.com/blinksocks/blinksocks'
@@ -20,6 +20,9 @@
 
   # Why 777? :/
   chmod -R u=rwX,go=rX "$pkgdir"
+  # npm gives ownership of ALL FILES to build user
+  # https://bugs.archlinux.org/task/63396
+  chown -R root:root "${pkgdir}"
 
   rm -r "$pkgdir"/usr/lib/node_modules/blinksocks/node_modules/{,.bin/}semver
 


More information about the arch-commits mailing list