PR: ports/136065 ports/127469
Submitted by: N.J. Mann <njm@njm.me.uk> and Aldis Berjoza <killasmurf86@gmail.com>
- Identify port CONFLICTS early
PR: 137855
Submitted by: Piotr Smyrak <smyru@heron.pl>
- Add --no-same-permissions to the EXTRACT_AFTER_ARGS command.
Tijl Coosemans has reported an issue that when root is extracting from the
tarball, and the tarball contains world-writable files
(sysutils/policykit as an example), there is a chance that the files
get changed by malicious third parties right after the extraction,
which makes it possible to inject code into the package and thus compromise
the system.
Submitted by: Tijl Coosemans <tijl@coosemans.org> Xin LI (delphij@)
- Fix some whitespaces
Tested with: exp-run
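
The effect of the --no-same-permissions flag described above, as an added example that is not part of the commit or of bsd.port.mk: a constructed tarball holding a mode 0666 file is extracted once with -p (what tar does by default when run as root) and once with --no-same-permissions under umask 022. The file name, helper functions and temporary directory are assumptions made for the demo; it assumes a tar that accepts both flags (GNU tar or bsdtar).

```shell
#!/bin/sh
# Added demo (constructed input): how tar's permission handling decides
# whether a world-writable file in an archive stays world-writable on disk.

# Print "yes" if the file at $1 has the other-write bit set, else "no".
world_writable() {
    if [ -n "$(find "$1" -perm -0002 2>/dev/null)" ]; then
        echo yes
    else
        echo no
    fi
}

# Build a tarball containing one mode-0666 file, extract it with the tar
# flag given in $1 under umask 022, and report the resulting exposure.
extract_mode() {
    flag=$1
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        umask 022
        mkdir src out || exit 1
        # Constructed stand-in for a build script shipped world-writable.
        echo 'echo hello' > src/configure
        chmod 0666 src/configure
        tar -cf demo.tar -C src configure || exit 1
        tar -xf demo.tar -C out "$flag" || exit 1
    ) || { rm -rf "$work"; return 1; }
    world_writable "$work/out/configure"
    rm -rf "$work"
}

# -p restores the archived mode verbatim, ignoring the umask.
echo "-p:                    world-writable=$(extract_mode -p)"
# --no-same-permissions applies the umask, so 0666 becomes 0644.
echo "--no-same-permissions: world-writable=$(extract_mode --no-same-permissions)"
```

With -p the extracted file can be modified by any local user between extraction and build; with --no-same-permissions the umask removes that write bit at extraction time.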
bsd.port.mk rev. 1.304 for details on the change.
The fix here is one of the following.
(1) Define USE_BZIP2 instead of BUILD_DEPENDS on bzip2 and redefining
EXTRACT_* commands.
(2) Change ${EXTRACT_CMD} to ${TAR} when the command is obviously
calling the "tar" command (i.e., arguments like "-xzf" are spelled
out).
(3) If ${EXTRACT_CMD} is called directly with ${EXTRACT_BEFORE_ARGS},
add ${EXTRACT_AFTER_ARGS} to the command line as well.
(4) If any of EXTRACT_CMD, EXTRACT_BEFORE_ARGS or EXTRACT_AFTER_ARGS
is set, define the other two too.
for files for which the checksum should not be checked.
(2) Use the PLIST variable to point to temporary PLIST in ${WRKSRC}.
Under no circumstances should a port modify a file in the
repository (${PKGDIR}/PLIST in this case).