Bugzilla Automation <[email protected]> has asked [email protected] for maintainer-feedback: Bug 227027: devel/qt5: insecure file perms in the pkg tarballs https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227027
--- Description --- There are at least 4400 instances of insecure g+w file perms in the qt5-* tarballs that pkg unpacks into /usr/local/include/qt5 on amd64 and likely all platforms. This changed sometime between mid Nov and end Jan. tar -tvf <tarball> | egrep '^.....w' Fix is to revert back to the correct and secure g-w. Incomplete tarball list... qt5-concurrent-5.9.4.txz qt5-core-5.9.4.txz qt5-dbus-5.9.4.txz qt5-gui-5.9.4_2.txz qt5-network-5.9.4_1.txz qt5-opengl-5.9.4.txz qt5-printsupport-5.9.4.txz qt5-svg-5.9.4.txz qt5-widgets-5.9.4.txz qt5-x11extras-5.9.4.txz
