[arch-commits] Commit in blinksocks/trunk (PKGBUILD)
Levente Polyak
anthraxx at archlinux.org
Sat Feb 6 16:57:22 UTC 2021
Date: Saturday, February 6, 2021 @ 16:57:22
Author: anthraxx
Revision: 846910
upgpkg: blinksocks 3.3.8-3: fix files owned by uid 1000
This has serious security implications as the ownership means files are
writable by an unprivileged user and contain code breaking intended privilege
boundaries.
Modified:
blinksocks/trunk/PKGBUILD
----------+
PKGBUILD | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-02-06 16:57:20 UTC (rev 846909)
+++ PKGBUILD 2021-02-06 16:57:22 UTC (rev 846910)
@@ -2,7 +2,7 @@
pkgname=blinksocks
pkgver=3.3.8
-pkgrel=2
+pkgrel=3
pkgdesc='A framework for building composable proxy protocol stack.'
arch=('any')
url='https://github.com/blinksocks/blinksocks'
@@ -20,6 +20,9 @@
# Why 777? :/
chmod -R u=rwX,go=rX "$pkgdir"
+ # npm gives ownership of ALL FILES to build user
+ # https://bugs.archlinux.org/task/63396
+ chown -R root:root "${pkgdir}"
rm -r "$pkgdir"/usr/lib/node_modules/blinksocks/node_modules/{,.bin/}semver
More information about the arch-commits
mailing list